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Intellectual Property Rights 
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pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found 
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in 
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web 
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This Technical Specification (TS) has been produced by ETSI Project Telecommunications and Internet Protocol 
Harmonization Over Networks (TIPHON). 
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Scope 



The scope of the present document is to define the security test specifications for TIPHON Release 4 for the H.323 [5] 
environment. 

The security methods considered in the present document are related only to IP based networks. The signalling path and 
the media path in the SCN is considered to be secure ("Trust by wire"). 

This security test specification does not explain recommendation H.235 [2] and the annexes, nor does it explain how to 
implement the security procedures. For further information on H.235, please refer to [2] or [4]. 

Rather, the present document provides a step-wise implementation approach showing example security message 
processing along with the generated output. 
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The following documents contain provisions which, through reference in this text, constitute provisions of the present 
document. 

• References are either specific (identified by date of publication and/or edition number or version number) or 
non-specific. 

• For a specific reference, subsequent revisions do not apply. 

• For a non-specific reference, the latest version applies. 

Referenced documents which are not found to be publicly available in the expected location might be found at 
http://docbox.etsi.org/Reference . 

[1] ITU-T Recommendation H. 225.0: "Call signalling protocols and media stream packetization for 

packet based multimedia communication systems". 

[2] ITU-T Recommendation H.235: "Security and Encryption for H. series (H.323 and other H.245 

based) multimedia terminals ". 

[3] ITU-T Recommendation H.235 Annex F: "Hybrid Security Profile". 

[4] ITU-T Recommendation H.245: "Control protocol for multimedia communication". 

[5] ITU-T Recommendation H.323: "Packet based multimedia communications systems". 

[6] ETSI TS 101 883: "Telecommunications and Internet Protocol Harmonization Over Networks 

(TIPHON) Release 4: Interface Protocol Requirements Definition; Implementation of TIPHON 
architecture using H.323". 
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3 Definitions and abbreviations 

3.1 Definitions 

For the purpose of the present document, the definitions given in the IUT-T Recommendations H. 225.0 [1], H.235 [2], 
H.245 [4] and H.323 [5]. 

3.2 Abbreviations 

For the purposes of the present document, the following abbreviations apply: 



A 


Audio 


ARQ 


Admissions ReQuest 


ACF 


Admissions ConFirm 


ARJ 


Admissions Reject 


A/V 


Audio/Video 


D 


Data 


DRQ 


Disengage Request 


DCF 


Disengage Confirm 


IP 


Internet Protocol 


LRQ 


Location Request 


LCF 


Location Confirm 


QoS 


Quality of Service 


SCN 


Switched Circuit Networks 



Security test strategy 



Security testing should be performed after a vendor has completed product and system testing with the ETSI testing 
standards. 

The basic idea for security testing is to show the generation and insertion of the security bits into the specific parameters 
of the H.323 [5] messages. Because this mechanism is exactly the same on the senders and the receiver's side, no 
distinction is necessary. 

To test entities for their implementation of security two entities (that are already interworking) need to be connected. In 
the case of an incorrect security information it is necessary to go into the detail of the generation of the security bits. In 
order to be able to determine the reason for this failure the security tests strategy is just to look at the different steps of 
the generation and insertion of the security bits into the protocol elements. This is the only way to determine the failure. 

The Security testing shall be performed for the following configurations: 

• Signalling path: 

Gatekeeper and Terminal; 
Gatekeeper and Gateway; 
Gatekeeper and Gatekeeper. 

• Media path: 

Terminal and Terminal; 
Terminal and Gateway; 
Gateway and Gateway. 
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• Global Service Providers: 

BES and TRC; 

BES and CH; 

BES and CA. 

The security testing shall be performed in three different parts where the first part deals with the security testing for the 
signalling path (Terminal, Gatekeeper, Gateway) using annex D of H. 235 [2]. The second part deals with the security 
aspects for the signalling path equivalent to the first but using annex F of H.235 [2] and the media path using H.235. 
The third part handles the security testing from the BES to the global service providers. 



5 H.235 Annex D 

5.1 Overview 

Figure 1 shows the basic steps to be taken at the originating entity and illustrates the procedures specified by Annex D 
of H.235 [2], in particular clauses D.6.3.2 and D.6.3.3. 
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Figure 1 : Stepwise approach for sender 

Figure 2 shows the basic steps to be taken at the receiving side starting with the entire message, decoding, breaking it 
into pieces and extracting the necessary parts and the final computation/verification step. 

NOTE 1: The figures just visualize the essential steps as an example and correlate with the print out in clause 5.3; 
in any case, the procedures and description of annex D of H.235 [2] take precedence. 

NOTE 2: The print out in clause 5.4 reflect H.235 V2 with the sendersID used. 

NOTE 3: The figures and print out reflect a scenario endpoint to gatekeeper; other scenarios and examples are not 
shown. 
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NOTE 4: The default pattern is a local value that is being used temporarily when computing the hash value, see 
clause D.6.3. 3.2 of H.235 [2]. 
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Figure 2: Stepwise approach for receiver 
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5.2 Received message 



The examples shown in clauses 5.2 and 5.3 use the RRQ sent by a Terminal and received at the Gatekeeper. The print 
out in clauses 5.2 and 5.3 reflects H.235V1, i.e. sendersID is not used. 

• The received RRQ message is given in binary and with all fields shown. 

• The received binary message part is given and the separate steps shown for the verification. 
Password = fries 

SHA1 = 91 27 1C 95 F0 A3 A0 6F 0D 79 75 Bl 19 5F Al 28 8A 86 B6 D4 

A received RRQ message with embedded Cryptotoken: 

* RECEIVE RRQ FROM EP AT GK * 



14:34: 

14:34: 

14:34: 

14:34: 

(4. .4) 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

(4. .4; 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 

14:34 



12 TPKTCHAN 
12 TPKTCHAN 
12 TPKTCHAN 
12 TPKTCHAN 

12 TPKTCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 



Address : 
0> <14> TransportAddress = 
1> . <289> ipAddress = (0) 
2> . . <290> ip = (4) 



(0) . <1084> CHOICE . . . 
<1081> SEQUENCE 
j 1 =0x8bl7ca6a <139 . 23 . 202 . 106> 



<1066> OCTET STRING 



<115> INTEGER (0.. 65535) 
- registrationRequest : 



: 2> . . <292> port = (1720) . 

New message (channel 0) recv <- 

Address : 
0> <669> TransportAddress = (0) . <1084> CHOICE ... 
1> . <670> ipAddress = (0) . <1081> SEQUENCE 
2> . . <671> ip = (4) '...j' =0x8bl7ca6a <139 . 23 . 202 . 106> 



2> . . 

Binary : 

00000 

00016 

00032 

00048 

00064 

00080 

00096 

00112 

00128 

00144 

00160 

00176 

00192 

00208 

00224 

00240 

00256 

00272 

00288 

00304 

00320 

00336 

00352 



<673> port = (1151) 



<115> INTEGER (0.. 65535) 



Of 80 3a 
88 53 02 
00 21 72 
12 fa 68 
00 fb 38 
00 6c cO 
12 01 ec 
00 60 76 
5a 00 50 
ff 20 31 
ca 6a 04 
00 0b Of 
69 6f 6e 
00 46 c3 
34 00 30 

61 70 70 
69 73 69 
00 01 01 

62 db 01 
6e 00 73 
65 00 65 
06 00 60 
00 01 00 



27 06 

06 01 
00 5b 
00 12 
00 12 
00 50 
00 00 
3d 18 
00 c2 
20 33 
80 01 
54 65 
08 52 
56 53 
00 33 
6c 69 
6f 6e 
45 00 
29 22 
00 20 

00 70 

07 89 

01 00 



00 08 
80 84 
6f 20 
c5 19 
fa 68 
fb 38 
02 36 
20 ec 

01 ee 
32 31 
00 8b 
73 74 
41 44 
54 39 
60 0b 
63 61 
12 2b 
07 00 
00 53 
00 47 

00 65 
a6 ee 

01 00 



91 4a 

01 40 

00 52 

00 50 

00 12 

00 12 

00 00 

f3 2e 

00 00 

32 20 

17 ca 

20 61 

56 69 

34 48 

0b 00 

74 69 
80 56 
08 81 
00 69 
00 61 
00 72 

75 bb 



00 02 00 

00 08 00 

00 07 00 

6f 20 00 

00 00 00 

fa 94 00 

00 Oe 00 

00 00 00 

00 00 00 
le 00 00 
6a 04 7f 
70 70 6c 
73 69 6f 
54 04 00 
0b Of 54 
6f 6e 08 

01 74 07 
6b 01 
00 65 00 
00 74 00 
07 00 08 
59 cl a6 



08 2b 

00 00 

00 fb 

52 00 

00 00 

12 fa 

00 02 

00 9d 

00 ff 

01 00 
22 cO 
69 63 
6e 00 
35 00 
65 73 
52 41 
00 08 
05 cO 
6d 00 
65 00 
81 6b 
ca a4 



0c 02 
00 00 
38 00 
07 00 
00 00 
9c 00 
36 00 
b5 72 
ff ff 
8b 17 
0b 0b 
61 74 
02 08 
33 00 
74 20 
44 56 
81 6b 
3a 22 
65 00 
6b 00 
00 01 
72 01 



<1066> OCTET STRING 



"J 
.@ 
.R 
.Po 



. + . 



.u8 

R. . 



.uce 
6 



"S. . .€„ 
. !r. [o 
.uh. .A. 
.08. .uh 
. 1A.Pu8. . i ' 
. .i. . .6 

. " v=. 16 ']ir 

Z.P.A.i yyy 

y 1 3212 
Ej.€. .< .Ej. • "A. 
. . .Test applicat 
ion . RADVision . . 
. FAVST94HT. .5.3 

4.0.3" Test 

application . RADV 
ision.+€V.t . . . -k 
. . . E . . . . • k . . . A : " 
bU . ) " . S . i . e . m . e . 
n.s. .G.a.t.e.k. 
e.e.p.e.r. . . -k. . 
. . * . °s> ! iu»YA| Enr . 
I 



14: 
14: 
14: 
14: 
14: 
<87 
14: 
14: 
14: 
<12 
14: 
.R. 
= 0x 
14: 
14: 
14: 
14: 
14: 
STR 
14: 
14: 
14: 
14: 
14: 



34: 

34: 

34: 

34: 

34: 

8> 

34: 

34: 

34: 

1> 

34: 



21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
OBJECT IDENT 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
OBJECT IDENT 
21 UDPCHAN: 
.8. . .h 



Message : 
0> <584 
1> . <5 
2> . . 
2> . . 

IFIER 
2> . . 
3> . . 
4> . . 

IFIER 
3> . . 

. . . .1. .P 



> RasMessage = (6502) . <771> CHOICE ... 

86> registrationRequest = (4294967185) . <702> SEQUENCE . . . 

<587> requestSeqNum = (14888) . <883> INTEGER (1.. 65535) 

<588> protocolldentif ier = (6) { itu-t recommendation h 2250 2}. 

<590> nonStandardData = (4294967185) . <972> SEQUENCE 

. <591> nonStandardldentifier = (10964) . <969> CHOICE ... 

. . <592> object = (8) { iso identif ied-organization 12 2 1107 2 6 1}. 



.@. 



!r. [o .R. 



.h. 



.rZ.P. 



014 
34: 
34: 
34: 
34: 
34: 
ING 
34: 
34: 
34: 
34: 
34: 



000080000000 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 

(4. .4) 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 



00000217 
2> 
2> 
3> 
4> 
5> 



5> 
2> 
3> 

4> 
5> 



. <594> data = (132) 

.8 6 6 

2005b6f2000. <125> OCTET STRING 

<601> discoveryComplete = (0) . <83> BOOLEAN 

<602> callSignalAddress = (1) . <381> SEQUENCE OF 

. <603> * = (6669) . <1084> CHOICE ... 

. . <604> ipAddress = (4294967185) . <1081> SEQUENCE 

. . . <605> ip = (4) '...j' =0x8bl7ca6a <139 . 23 . 202 . 106> 



Po 



<607> port 



(1152) 



<115> INTEGER (0.. 65535) 



<608> rasAddress = (1) . <381> SEQUENCE OF 

. <609> * = (6669) . <1084> CHOICE ... 

. . <610> ipAddress = (4294967185) . <1081> SEQUENCE 

. . . <611> ip = (4) '...j' =0x8bl7ca6a <139 . 23 . 202 . 106> 



1 321' 



<1066> OCTET 



<1066> OCTET 
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(4. .4) 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 



STRING 

14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

=0x546 

14:34 

STRING 

14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

=0x31333930323332303 

14:34:21 UDPCHAN: 3 

14:34:21 UDPCHAN: 4 

BMP St r 

14:34 



5> <613> port = (1151) . <115> INTEGER (0.. 65535) 

2> . . <614> terminalType = (4294967185) . <1050> SEQUENCE ... 
3> . . . <615> vendor = (4294967185) . <980> SEQUENCE ... 
4> . . . . <616> vendor = (4294967185) . <975> SEQUENCE ... 

5> <617> t35CountryCode = (11) . <116> INTEGER (0..255) 

5> <618> t35Extension = (11) . <116> INTEGER (0..255) 

5> <619> manufacturerCode = (11) . <115> INTEGER (0.. 65535) 

4> . . . . <620> productld = (16) 'Test application' 

57374206170706c69636174696f6e. <979> OCTET STRING (1..256) 

21 UDPCHAN: 4> . . . . <622> versionld = (9) 'RADVision' =0x524144566973696f 6e . <979> OCTET 
(1. .256) 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 

21 UDPCHAN 



21 UDPCHAN: 

21 UDPCHAN: 
ing (1..256) 

21 UDPCHAN: 

21 UDPCHAN: 

21 UDPCHAN: 

21 UDPCHAN: 

21 UDPCHAN: 

21 UDPCHAN: 



14:34: 

14:34: 

14:34: 

14:34: 

14:34: 

=0x54657374206170706 

14:34: 

STRING 

14:34 



. <624> terminal = (4294967185) . <986> SEQUENCE ... 

. <625> mc = (0) . <83> BOOLEAN 

. <626> undefinedNode = (0) . <83> BOOLEAN 

<627> terminalAlias = (2) . <380> SEQUENCE OF 

. <628> * = (3942) . <962> CHOICE ... 

> . . . . <629> el64 = (17) '13902320210601152' 
23130363031313532. <961> IA5String (1..128) FROM '#*, 0123456789 ' 

> . . . <631> * = (4187) . <962> CHOICE ... 

> . . . . <632> h323-ID = (10) '.5.3.4.0.3' =0x00350033003400300033. 

> 



<960> 



14:34: 

14:34: 

14:34: 

14:34: 

OBJECT 

14:34: 

14:34: 

<121> 

14:34: 

14:34: 

14:34: 

=0x005 

14:34: 

14:34: 

<121> 

14:34: 

14:34: 

14:34: 

<139> 

14:34: 

14:34: 

14:34: 

14:34: 



21 UDPCHAN 

(1. .256) 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 

IDENTIFIER 
21 UDPCHAN: 
21 UDPCHAN: 



<634> endpointVendor = (4294967185) . <980> SEQUENCE ... 

> . . . <635> vendor = (4294967185) . <975> SEQUENCE ... 

> . . . . <636> t35CountryCode = (11) . <116> INTEGER (0..255) 

> . . . . <637> t35Extension = (11) . <116> INTEGER (0..255) 

> . . . . <638> manufacturerCode = (11) . <115> INTEGER (0.. 65535) 

> . . . <639> productld = (16) 'Test application' 
c69636174696f6e. <979> OCTET STRING (1..256) 

. <641> versionld = (9) 'RADVision' =0x524144566973696f 6e . <979> OCTET 



2> . . <643> cryptoTokens = (1) . <283> SEQUENCE OF 

3> . . . <644> * = (4466) . <832> CHOICE . . . 

4> . . . . <645> nestedcryptoToken = (9106) . <192> CHOICE ... 

5> <646> cryptoHashedToken = (4294967185) . <177> SEQUENCE 

6> <647> tokenOID = (7) { itu-t recommendation h 235 11 



<121> 



OBJECT IDENTIF 



21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
300690065006d0 
21 UDPCHAN: 6 
21 UDPCHAN: 7 
OBJECT IDENTIF 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
BIT STRING 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 
21 UDPCHAN 



6> <649> hashedVals = (4294967185) . <239> SEQUENCE ... 

7> <650> tokenOID = (7) { itu-t recommendation h 235 15}. 

IER 

> <652> timeStamp = (975332060) . <281> INTEGER (1..-1) 

> <653> random = (41) . <280> INTEGER 

> <654> generallD = (36) ' . S . i . e .m. e . n . s . . G . a . t . e . k . e . e . p . e . r ' 

065006e0073002000. <278> BMPString (1..128) 

> <657> token = (4294967185) . <231> SEQUENCE 

> <658> algorithmOID = (7) { itu-t recommendation h 235 16}. 

IER 

7> <660> paramS = (4294967185) . <226> SEQUENCE ... 

8> <661> null = (4294967173) . <95> NULL 

7> <662> hash = (96) ' . . . . u . Y . . . . r ' =0x0789a6ee75bb59cla6caa47200 . 

2> . . <664> keepAlive = (0) . <83> BOOLEAN 

2> . . <665> willSupplyUUIEs = (0) . <83> BOOLEAN 

2> . . <666> maintainConnection = (0) . <83> BOOLEAN 

2> . . <667> supportsAnnexECallSignalling = (0) . <83> BOOLEAN 



5.3 Separate steps 



Verification steps for the obtained CryptoToken: 



RECEIVE RRQ FROM EP AT GK * 
******************************* 



00:08:31 1 


UDP II 
0000 


J_re gist rat ionRequest_f or_nodeId_4 92_ 
Oe 80 3a 27 06 00 08 91 4a 00 02 


.(packet length 21. 
00 01 00 8b 17 


) Bytes) 
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08 
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0000 


08 


31 


0010 
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17 


ca 
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04 


7f 


22 


cO 
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0020 
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0000 


08 


32 
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69 


73 


69 


6f 


6e 
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2b 


80 


56 


01 


74 


07 


00 


08 


81 


6b 
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01 
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08 


81 


6b 
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05 


cO 


3a 
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1. Determine IP-Address: 

0000:08:33 I New message recv <- registrationRequest on RAS from 492 
0000:08:33 I Read IP Address for EP 139.23.202.106:1151 

2 . Read alias : 



0000 
0000 
0000 
0000 
0000 



66 I EP Alias 53403-> Get User Info (from external database) : 

66 I -> User=Fries, UID=53403, PWLen=20, LC=Wed Aug 25 13:52:19 1999 

66 I -> Hashed Passphrase (fries shal-hashed) : 

67 | 0000: 91 27 lc 95 fO a3 aO 6f Od 79 75 bl 19 5f al 28 '.'... 
67 | 0010: 8a 86 b6 d4 '....' 



. o.yu. ._. ( ' 



3. Read CryptoTokenOID : 

0000:08:67 | Recv/RecvFrom: Found Crypto Token: token len = 15 Bytes, tokenOID = 

0000:08:67 | 0000: 30 20 30 20 38 20 32 33 35 20 30 20 31 20 31 '0 8 235 Oil 1 

4. Read ClearTokenOID : 

0000:08:67 | Recv/RecvFrom: Found Crypto Token: token len = 15 Bytes, tokenOID (2) = 

0000:08:67 | 0000: 30 20 30 20 38 20 32 33 35 20 30 20 31 20 35 '0 8 235 15' 

5. Read generallD: 



0000 
0000 
0000 
0000 



68 
68 
68 
68 



RecvFrom: Found Crypto Token: token len = 36 Bytes, generallD 



0000 
0010 
0020 



00 53 00 69 00 65 00 6d 00 65 00 6e 00 73 00 20 
00 47 00 61 00 74 00 65 00 6b 00 65 00 65 00 70 
00 65 00 72 



S.i.e.m.e.n.s. ' 
G.a.t.e.k.e.e.p' 
e . r ' 



6. Read algorithmOID : 

0000:08:68 [ Recv/RecvFrom: Foi 

0000:08:68 I 0000: 30 20 30 20 

7. Read Sequence Number: 



Recv/RecvFrom: Found Crypto Token: token len = 15 Bytes, algorithmOID = 
0000: 30 20 30 20 38 20 32 33 35 20 30 20 31 20 36 '0 8 235 16' 



0000:08:68 I Recv/RecvFrom: Found Crypto Token: sequence_number 



41 



8. Read timestamp: 

0000:08:68 I Recv/RecvFrom: Found Crypto Token: timestamp = 975332060 

9. Read token value: 

0000:08:68 I Recv/RecvFrom: Found Crypto Token: token len = 96 Bits, token value = 
0000:08:68 I 0000: 07 89 a6 ee 75 bb 59 cl a6 ca a4 72 ' u. Y r ' 

10. Perform verification checks: 



0000 
0000 
0000 
0000 
0000 



68 I Recv/RecvFrom: (h235_checkToken) clear token OID check passed 

68 I Recv/RecvFrom: (h235_checkToken) crypto token OID check passed 

68 I Recv/RecvFrom: (h235_checkToken) crypto algorithm OID check passed 

68 I Recv/RecvFrom: (h235_checkToken) time value in range 

68 | Recv/RecvFrom: (h235_checkToken) generallD check passed 



11. Locate and read hash value: 

0000:08:69 I Recv/RecvFrom: (h235_checkToken) found ICV in raw message on position 195 
0000:08:69 I 0000: 07 89 a6 ee 75 bb 59 cl a6 ca a4 72 ' . . . . u . Y . . . . r ' 



12. Re-compute hash value: 

0000:08:69 | Crypto-Module : Start Message Hash Session 
0000:08:69 | Crypto-Module: End Message Hash Session 

13. Verify hash value: 



0000 
0000 
0000 
0000 
0000 
0000 
0000 



69 I ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

69 I + + 

69 I + SUCCESSFUL INTEGRITY CHECK + 

69 | + Recv/RecvFrom: registrationRequest on RAS: 

69 I + VALID TOKEN received from User Fries (ID: 53403) 

69 I + + 

69 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 
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5.4 RRQ message with H.235 V2 



This example shows an initial RRQ message (without any senders ID) that is being encoded with H.235 [2] Version 2. 

Password = fries 

SHA1 = 91 27 1C 95 F0 A3 A0 6F 0D 79 75 Bl 19 5F Al 28 8A 86 B6 D4 



13:45: 
13:45: 
13:45: 
13:45: 



13: 
(4. 
13: 
13: 
13: 



45: 
.4) 
45: 
45: 
45: 



13:45: 
13:45: 
13:45: 
13:45: 



13: 
13: 
13: 
13: 
13: 



45: 
45: 
45: 
45: 
45: 



13:45: 
13:45: 
13:45: 
13:45: 
13:45: 



13: 
13: 
13: 
13: 
13: 



45: 
45: 
45: 
45: 

45: 



13:45 

<3594> 

13:45: 



14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 



INFO - New message (channel 0) recv < — registrationRequest : 
Address : 

0> <557> TransportAddress = 

1> . <558> ipAddress = (0) 

2> . . <559> ip = (4) '< . I. 



(0) . <4579> CHOICE . . . 

<4570> SEQUENCE 
=0x8bl7cc2e <139 . 23 . 204 . 46> 



<4520> OCTET STRING 



2> 



<561> port 



(1575) 



<155> INTEGER (0.. 65535) 



00 
00 
00 
00 

00 
00 
00 
00 
00 
00 
00 
00 
00 
00 
00 
00 
Me 


1 

2 
2 



nary 

000 

016 

032 

048 

064 

080 

096 

112 

128 

144 

160 

176 

192 

208 

224 

240 

ssage 

> <4 

> . 

> . 



Oe cO 

cc 2e 

00 0b 

69 6f 
00 86 
00 53 
00 47 
00 65 

70 70 
53 49 
00 02 
9b c9 
00 6e 

00 65 
02 06 

01 00 



7a fe 
06 26 
Of 54 
6e 08 
73 64 
00 69 
00 61 

00 72 
6c 69 
4f 4e 

01 45 

02 21 
00 73 
00 65 

00 60 

01 00 



06 00 

01 00 

65 73 

52 41 

04 00 

00 65 

00 74 

60 0b 

63 61 

28 2b 

00 07 

7c 22 

00 20 

00 70 
6d 3b 

01 00 



08 91 4a 

8b 17 cc 

74 20 61 

44 56 49 

35 00 33 

00 6d 00 

00 65 00 

0b 00 0b 

74 69 6f 

00 00 57 

00 08 81 

00 53 00 

00 47 00 

00 65 00 

ad 49 bf 



00 04 
2e 06 
70 70 
53 49 

00 34 
65 00 
6b 
Of 54 
6e 08 

01 74 



00 01 

27 22 

6c 69 

4f 4e 

00 30 

6e 00 

65 00 

65 73 

52 41 

07 00 



6b 00 02 05 
69 00 



61 00 
72 07 
c9 73 



65 00 

74 00 

00 08 

87 0a 



00 8b 17 

cO 0b 0b 

63 61 74 

00 02 02 

00 33 22 

73 00 20 
65 00 70 

74 20 61 
44 56 49 
8 81 6b 
cO 3c e3 
6d 00 65 
65 00 6b 

81 6b 00 

82 ac 06 



. Azp. . . "J < . 

I. .&..<. I. .' "A. . 
. . .Test applicat 
ion.RADVISION. . . 
. tsd. .5.3.4.0.3" 
.S.i.e.m.e.n.s. 
.G.a.t.e.k.e.e.p 

. e . r" Test a 

pplication.RADVI 
SION (+. .W.t . . . -k 
. . .E. . . . -k. . .A<a 
>E . ! | " . S . i . e . m . e 
.n.s. .G.a.t.e.k 
.e.e.p.e.r...-k. 
. . . "m; -I^Es* . , ->. 
I 



> . 

OBJECT IDENTIFIER 



13: 
13: 
13: 
13: 



45: 
45: 
45: 
45: 



STRING 
13:45: 
13:45: 
13:45: 
13:45: 
13:45: 
STRING 



13: 
13: 
13: 



45: 
45: 
45: 



13:45: 
13:45: 
13:45: 
13:45: 
13:45: 
=0x546 
13:45: 
OCTET 
13:45: 
13:45: 
13:45: 
13:45: 
13:45: 
13:45: 
FROM ' 
13:45: 
13:45: 
BMPStr 
13:45: 
= 0x005 
(1. .12 
13:45: 
13:45: 



14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

(4. .4) 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

(4. .4) 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 

14 UDPCHAN 



> 

57374206170706c6963 



> 



13: 
13: 
13: 
13: 



45: 
45: 
45: 
45: 



14 UDPCHAN: 4 

STRING (1. .256 

14 UDPCHAN: 3 

14 UDPCHAN: 3 

14 UDPCHAN: 3 

14 UDPCHAN: 2 

14 UDPCHAN: 3 

14 UDPCHAN: 4 

#*, 0123456789' 

14 UDPCHAN: 3 

14 UDPCHAN: 4 

ing (1..256) 

14 UDPCHAN: 2> . . 

300690065006d006500 

8) 

14 UDPCHAN: 2> . . 

14 UDPCHAN: 3> . . 

14 UDPCHAN: 4> . . 

14 UDPCHAN: 4> . . 

14 UDPCHAN: 4> . . 

14 UDPCHAN: 3> . . 



3> RasMessage = (0) . <2731> CHOICE ... 

484> registrationRequest = (4294967185) . <2461> SEQUENCE ... 
<485> requestSeqNum = (31487) . <3615> INTEGER (1.. 65535) 
<486> protocolldentif ier = (6) { itu-t recommendation h 2250 4}. 

<488> discoveryComplete = (0) . <0> BOOLEAN 

<489> callSignalAddress = (1) . <1151> SET OF CHOICE ... 

. <490> * = (10714) . <4579> CHOICE ... 

. . <491> ipAddress = (4294967185) . <4570> SEQUENCE 

. . . <492> ip = (4) '<.!.' =0x8bl7cc2e <139 . 23 . 204 . 46> . <4520> OCTET 



. . . <494> port = (1574) . <155> INTEGER (0.. 65535) 

<495> rasAddress = (1) . <1151> SET OF CHOICE ... 

. <496> * = (10714) . <4579> CHOICE ... 

. . <497> ipAddress = (4294967185) . <4570> SEQUENCE 

. . . <498> ip = (4) '<.!.' =0x8bl7cc2e <139 . 23 . 204 . 46> 



<4520> OCTET 



<501> t 
. <502> 
<50 



<50 
6174696f 
<5 



500> port = (1575) . <155> INTEGER (0.. 65535) 
erminalType = (4294967185) . <4403> SEQUENCE 
vendor = (4294967185) . <4186> SEQUENCE ... 
3> vendor = (4294967185) . <4169> SEQUENCE .. 
504> t35CountryCode = (11) . <45> INTEGER (0. 
505> t35Extension = (11) . <45> INTEGER (0..255) 
506> manufacturerCode = (11) . <155> INTEGER (0.. 65535) 
7> productld = (16) 'Test application' 
6e . <4181> OCTET STRING (1..256) 
9> versionld = (9) 'RADVISION' =0x524144564953494f 4e . <4181> 



.255) 



. <511> terminal = (4294967185) . <4204> SEQUENCE ... 

. <512> mc = (0) . <0> BOOLEAN 

. <513> undefinedNode = (0) . <0> BOOLEAN 

<514> terminalAlias = (2) . <1147> SET OF CHOICE ... 

. <515> * = (8122) . <4095> CHOICE ... 

. . <516> el64 = (5) '53403' =0x3533343033 . <4089> IA5String (1. 



.128) 



<518> * = (9613) 
. <519> h323-ID = 



<4095> CHOICE . 
(10) '.5.3.4.0.3' 



=0x00350033003400300033 



<4084> 



=0x54 65737420 617070 6c6963 
13:45:14 UDPCHAN: 3> . . 
STRING (1. .256) 
13:45:14 UDPCHAN: 2> . . 
13:45:14 UDPCHAN: 3> . . 
13:45:14 UDPCHAN: 4> . . 



<521> gatekeeperldentif ier = (36) '.S.i.e.m.e.n.s. . G. a. t . e . k. e . e .p. e . r ' 
6e007300200047006100740065006b00650065007000650072 . <3610> BMPString 

<524> endpointVendor = (4294967185) . <4186> SEQUENCE ... 
. <525> vendor = (4294967185) . <4169> SEQUENCE ... 
. . <526> t35CountryCode = (11) . <45> INTEGER (0..255) 
. . <527> t35Extension = (11) . <45> INTEGER (0..255) 
. . <528> manufacturerCode = (11) . <155> INTEGER (0.. 65535) 
. <529> productld = (16) 'Test application' 
6174696f6e . <4181> OCTET STRING (1..256) 
. <531> versionld = (9) 'RADVISION' =0x524144564953494f 4e . <4181> OCTET 

<533> cryptoTokens = (1) . <752> SET OF CHOICE ... 

. <534> * = (12045) . <3421> CHOICE ... 

. . <535> nestedcryptoToken = (7314) . <384> CHOICE ... 
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13 


45 


14 UDPCHAN 


5 


13 


45 


14 UDPCHAN 


6 


OBJECT IDENTIFIER 


13 


45 


14 UDPCHAN 


6 


13 


45 


14 UDPCHAN 


7 


<171> 


OBJECT IDENTIF 


13 


45 


14 UDPCHAN 


7 


13 


45 


14 UDPCHAN 


7 


13 


45 


14 UDPCHAN 


7 


=0x0053006900650 


)6d0 


(1 


.128) 




13 


45 


14 UDPCHAN 


6 


13 


45 


14 UDPCHAN 


7 


<171> 


OBJECT IDENTIF 


13 


45 


14 UDPCHAN 


7 


13 


45 


14 UDPCHAN 


8 


13 


45 


14 UDPCHAN 


7 


<243> 


BIT STRING 




13 


45 


14 UDPCHAN 


2 


13 


45 


14 UDPCHAN 


2 


13 


45 


14 UDPCHAN 


2 



> <536> cryptoHashedToken = (4294967185) . <339> SEQUENCE 

> <537> tokenOID = (7) { itu-t recommendation h 235 2 1}. <171> 

5> <539> hashedVals = (4294967185) . <556> SEQUENCE ... 

7> <540> tokenOID = (7) { itu-t recommendation h 235 2 5}. 

^IER 

7> <542> timeStamp = (1021549514) . <738> INTEGER (1..-1) 

7> <543> random = (8572) . <735> INTEGER 

7> <544> generallD = (36) ' . S . i . e .m. e . n . s . . G . a . t . e . k . e . e . p . e . r ' 

)065006e007300200047006100740065006b00650065007000650072 . <725> BMPString 

5> <547> token = (4294967185) . <532> SEQUENCE 

7> <548> algorithmOID = (7) { itu-t recommendation h 235 2 6}. 

^IER 

7> <550> paramS = (4294967185) . <507> SEQUENCE ... 

i> <551> null = (4294967173) . <9> NULL 

7> <552> hash = (96) 'm; -IiEs * . , "• . ' =0x6d3bad4 9bf c973870a82ac06 . 

l> . . <554> keepAlive = (0) . <0> BOOLEAN 

l> . . <555> willSupplyUUIEs = (0) . <0> BOOLEAN 

. <556> maintainConnection = (0) . <0> BOOLEAN 



5.5 Following RFC with sendersID 

The following message shows the corresponding RCF (including the senders ID) 



13:45:14 UDPCHAN 

13:45:14 UDPCHAN 

13:45:14 UDPCHAN 

:14 UDPCHAN 

:14 UDPCHAN 



13: 
13: 

(4. 
13: 



45: 
45: 
.4) 

45: 



:14 UDPCHAN 

13:45:14 UDPCHAN 

13:45:14 UDPCHAN 

13:45:14 UDPCHAN 

13:45:14 UDPCHAN 

13:45:14 UDPCHAN 



INFO - 

Address 

0> <5< 

1> . < 

2> . . 

2> . . 
Message 
0> <5( 
1> . < 
2> . 
2> . 



New message (channel 0) sent — > registrationConf irm: 



9> TransportAddress = 
600> ipAddress = (0) 
<601> ip = (4) '< . I. 

<603> port = (1575) 



(0) . <4579> CHOICE . . . 

<4570> SEQUENCE 
=0x8bl7cc2e <139 . 23 . 204 . 46> 

<155> INTEGER (0.. 65535) 



<4520> OCTET STRING 



OBJECT IDENTIFIER 



<3594> 

13:45:14 UDPCHAN: 2> . 

13:45:14 UDPCHAN: 3> . 

13:45:14 UDPCHAN: 4> . 

13:45:14 UDPCHAN: 5> . 
STRING (4. .4) 

13:45:14 UDPCHAN: 5> . 

13:45:14 UDPCHAN: 2> . 

13:45:14 UDPCHAN: 3> . 

13:45:14 UDPCHAN: 4> . 
FROM '#*, 0123456789' 

13:45:14 UDPCHAN: 3> . 

13:45:14 UDPCHAN: 4> . 
BMPString (1. .256) 

13:45:14 UDPCHAN: 2> . 
=0x0 053 690 65 6d00 650 

(1. .128) 

13:45:14 UDPCHAN: 2> . 

'.0.0.0.0.0.0.1.1.0.6.4. 



=0x003000300030003000300 
037003200300037003800350 



13:45:14 UDPCHAN 
13:45:14 UDPCHAN 
13:45:14 UDPCHAN 
13:45:14 UDPCHAN 
13:45:14 UDPCHAN 
OBJECT IDENTIFIER 
13:45:14 UDPCHAN: 
13:45:14 UDPCHAN: 



2> 
3> 

4> 
5> 
6> 

6> 

7> 



5> RasMessage = (0) . <2731> CHOICE ... 

566> registrationConfirm = (0) . <2382> SEQUENCE ... 
<598> requestSeqNum = (31487) . <3615> INTEGER (1.. 65535) 
<567> protocolldentif ier = (6) { itu-t recommendation h 2250 4}. 

<569> callSignalAddress = (4294966741) . <1151> SET OF CHOICE ... 
<570> * = (0) . <4579> CHOICE ... 
. <571> ipAddress = (0) . <4570> SEQUENCE 
. . <572> ip = (4) '<.I.' =0x8bl7cc2e <139 . 23 . 204 . 46> . <4520> OCTET 

. . <574> port = (1720) . <155> INTEGER (0.. 65535) 
<579> terminalAlias = (0) . <1147> SET OF CHOICE ... 
<580> * = (0) . <4095> CHOICE ... 
. <581> el64 = (5) '53403' =0x3533343033 . <4089> IA5String (1..128) 

<583> * = (0) . <4095> CHOICE ... 

. <584> h323-ID = (10) '.5.3.4.0.3' =0x00350033003400300033 . <4084> 

<590> gatekeeperldentif ier = (36) ' . S . i . e .m. e . n. s . . G. a. t . e . k. e . e .p. e . r ' 
6e007300200047006100740065006b00650065007000650072 . <3610> BMPString 

<575> endpointldentifier = (80) 
.0.0.7.8.5.1.2.7.3.0.7.1.7.2.0.7.8.5.1.2.7.3.0.7.1.5.7.5' 

30003100310030003 6003400380030003000370038003500310032003700330030003700310 
31003200370033003000370031003500370035 . <3597> BMPString (1..128) 

<604> cryptoTokens = (4294966741) . <752> SET OF CHOICE ... 

. <605> * = (4294966741) . <3421> CHOICE ... 

. . <606> nestedcryptoToken = (4294966741) . <384> CHOICE ... 

. . . <607> cryptoHashedToken = (4294966741) . <339> SEQUENCE 

.... <608> tokenOID = (7) { itu-t recommendation h 235 021}. <171> 



<610> hashedVals 
. <611> tokenOID 



(4294966741) . <556> SEQUENCE ... 

(7) { itu-t recommendation h 235 2 5}. 



<171> OBJECT IDENTIFIER 



13:45:14 UDPCHAN 
13:45:14 UDPCHAN 
13:45:14 UDPCHAN 



7> 
7> 
7> 



.0.0.0.0.0.0.1.1.0.6.4. 



= 0x0 
0370 
13:4 
= 0x0 
(1. . 
13:4 
13:4 
<171 
13:4 
13:4 
13:4 
<243 
13:4 
13:4 



03000300030003000300 

03200300037003800350 

5:14 UDPCHAN: 7> . 

05300690065006d00650 

128) 

5:14 UDPCHAN: 6> . 

5:14 UDPCHAN: 7> . 

> OBJECT IDENTIFIER 



<622> timeStamp = (1021549514) . <738> INTEGER (1..-1) 

<621> random = (8290) . <735> INTEGER 

<613> generallD = (80) 

.0.0.7.8.5.1.2.7.3.0.7.1.7.2.0.7.8.5.1.2.7.3.0.7.1.5.7.5' 

30003100310030003 6003400380030003000370038003500310032003700330030003700310 

31003200370033003000370031003500370035 . <725> BMPString (1..128) 

<618> sendersID = (36) ' . S . i . e .m. e . n . s . . G. a. t . e . k. e . e .p. e . r ' 

6e007300200047006100740065006b00650065007000650072 . <725> BMPString 

.... <623> token = (4294966741) . <532> SEQUENCE 

<624> algorithmOID = (7) { itu-t recommendation h 235 2 6}. 



:14 UDPCHAN 
:14 UDPCHAN 
15:14 UDPCHAN 
i> BIT STRING 
:14 UDPCHAN 
:14 UDPCHAN 



7> 
8> 

7> 

2> 
2> 



<626> paramS = (4294966741) . <507> SEQUENCE ... 

. <627> null = (0) . <9> NULL 

<628> hash = (96) '<. I .'.... y . y ' =0x8bl7cc2e2706000000f f OOf f 



<577> willRespondToIRR = (0) 
<593> preGrantedARQ = (0) . 



<0> BOOLEAN 
<2355> SEQUENCE . . . 
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13 


45 


14 


UDPCHAN 


3> . . 


. <594> makeCall = 


= (0) 


<0> 


BOOLEAN 












13 


45 


14 


UDPCHAN 


3> . . 


. 


:595> useGKCallSignalAddressToMakeCall = 


= (0) . <0> BOOLEAN 




13 


45 


14 


UDPCHAN 


3> . . 


. 


:596> answerCall = 


(0 




<0> BOOLEAN 










13 


45 


14 


UDPCHAN 


3> . . 


. 


:5 97> useGKCallSignalAddressToAnswer 


= 


(0) 


<0> BOOLEAN 
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2> . . 


<578> 


maintainConnection = 


(0) 




<0> BOOLEAN 
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Binary : 
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' . " | 


13 


45 


14 


UDPCHAN 


00320 


09 


03 


4a 


3a 


c3 


5f 


52 


ae 


51 


46 


01 


00 


01 


00 


01 


00 | 


. J : A R®QF 





5.6 Test configurations 

5.6.1 Gatekeeper and terminal 

Clauses 5.1, 5.2, 5.3, 5.4 and 5.5 correlate to a test configuration of a Terminal and a Gatekeeper. 

5.6.2 Gatekeeper and gateway 

The Gatekeeper-to-Gateway communications according to H.235 [2] annex D is very similar to the terminal Gatekeeper 
communication. The generallD and the sendersID are the only fields that have different values. 

5.6.3 Gatekeeper and Gatekeeper 

The Gatekeeper-to-Gatekeeper communications according to annex D of H.235 [2] is very similar to the terminal 
Gatekeeper communication. The generallD and the sendersID are the only fields that have different values. 



H.235, annex F 



6.1 



Overview 



Figure 3 shows the basic steps to be taken for the signature computation at the originating entity. This figure illustrates 
the procedures specified by annex F of H.235 [2], in particular referring to the annex E clauses E.5, E.9, E. 10 and E. 1 1 . 

NOTE: Annex F procedures referring to annex D are not shown in the processing figures, this is analogous to 
clause 5. 

Steps 4 and 5 in figure 3 relate to the computation of the RS A digital signature. This might be 
accomplished by compound crypto function. Similarly, steps 5, 6 and 7 in Figure 4 relate to the 
verification of the RSA digital signature and might be covered by a compound crypto function as well. 
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RAS H.225.0 

|CryptoH323Token| 



nestedCryptoToken 




CryptoToken 
ICryptoSignedTokenl 





I tokenOID I 




I toBeSigned AlgorithmOID params signature 







i 


i 


i 




A 




I tokenOID I 


I Timestamp I 


I random 


I I generallD 


I senderlD j 


| dhkey I 


I certificate I 



halfkey modsize generator 



ASN.1 Encode message 



00. .000 (1024 zeros) 



RAS H.225.0 




I signature J 



Figure 3: Signature computation at sender 
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The recipient receives the message and then proceeds as follows. 



RAS H.225.0 

|CryptoH323Token| 



I 



ASN.1 Decode message 





nestedCryptoToken 






CryptoToken 




CryptoSignedToken 



r£ 



toBeSigned AlgorithmOID params 



[ I Timestamp random 1 I generallD senderlD 




halfkey I modsize generator 




Figure 4: Signature verification at receiver 

6.2 RRQ with DH Set received by the Gatekeeper with signed 
token 

Client DH-random: (1 024 bits) 

1615753 6503 8 85317 8 693182 9110 9333110 9987722 62720144 9027 8 684 63 65004 83042 912 64071020 652 8703444 870 653 
2820537 8 69722304 94 8514422 8 997 83 9432 940 6302 811454457 633707 835024 87 8300041237 9683 97 82 692 8 6650 820 987 
1536243493251174703907122669526301704176837523226057098069728854797292942895710342191803251906952 
005656993434621826 



14 
14 
14 
14 
14 
14 



37 TPKTCHAN: Registered TPKTCHAN TPKT Messages 

37 PERERR: Registered PERERR PER Error Messages 

37 UDPCHAN: Registered UDPCHAN RAS Message Channels 

46 UDPCHAN: INFO - New message (channel 0) recv < — registrationRequest : 

46 UDPCHAN: Address: 

46 UDPCHAN: 0> <615> TransportAddress = (0) . <4579> CHOICE ... 
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<155> INTEGER (0.. 65535) 
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14 
14 
14 
14 



4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 



0> <486> RasMessage = (0) . <2731> CHOICE .. 
1> . <487> registrationRequest = (4294967185) 



<2461> SEQUENCE 



2> 
2> 



<3594> OBJECT IDENTIFIER 



14 
14 
14 
14 
14 



4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 



STRING (4. .4) 



14 
14 
14 
14 
14 



4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 



STRING (4. 



14 
14 

14 
14 
14 
14 
14 
14 



4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 



2> 
2> 
3> 

4> 
5> 

5> 
2> 
3> 

4> 
5> 

5> 
2> 
3> 

4> 
5> 
5> 

5> 
4> 



=0x54657374206170706c69636174696f6e 



14:48:46 UDPCHAN 
OCTET STRING (1. 



14 
14 
14 
14 
14 
14 



4> 

256) 

3> 



3> 
3> 
2> 
3> 

4> 



<488> requestSeqNum = (11178) 
<489> protocolldentif ier = (6 



) { 



<3615> INTEGER (1.. 65535) 

itu-t recommendation h 2250 4 



<0> BOOLEAN 

<1151> SET OF CHOICE 



<491> discoveryComplete = (0) 

<492> callSignalAddress = (1) 

. <493> * = (10714) . <4579> CHOICE ... 

. . <494> ipAddress = (4294967185) . <4570> SEQUENCE 

. . . <495> ip = (4) '< .En' =0x8bl7cbb5 <139 . 23 . 203 . 181> 



. . . <497> port = (1657) . <155> INTEGER (0.. 65535) 

<498> rasAddress = (1) . <1151> SET OF CHOICE ... 

. <499> * = (10714) . <4579> CHOICE ... 

. . <500> ipAddress = (4294967185) . <4570> SEQUENCE 

. . . <501> ip = (4) '< .En' =0x8bl7cbb5 <139 . 23 . 203 . 181> 



<4520> OCTET 



<4520> OCTET 



. . . <503> port = (1658) . <155> INTEGER (0.. 65535) 
<504> terminalType = (4294967185) . <4403> SEQUENCE ... 
. <505> vendor = (4294967185) . <4186> SEQUENCE ... 

<506> vendor = (4294967185) . <4169> SEQUENCE ... 

. <507> t35CountryCode = (11) . <45> INTEGER (0..255) 

. <508> t35Extension = (11) . <45> INTEGER (0..255) 

. <509> manufacturerCode = (11) . <155> INTEGER (0.. 65535) 

<510> productld = (16) 'Test application' 



<4181> OCTET STRING (1..256) 



. <512> versionld 

<514> terminal 
<515> mc = (0) 



(9) 'RADVision' =0x524144566973696f 6e 



<4181> 



<4204> SEQUENCE 



. <516> undef inedNode 
<517> terminalAlias = 
. <518> * = (8122) . 
. . <519> el64 = (5) ' 



(0) 



<0> BOOLEAN 
(2) . <1147> SET OF CHOICE ... 
<4095> CHOICE . . . 
43038' =0x3433303338 . <4089> IA5String (1. 



<521> * = (9613) 
. <522> h323-ID ■■ 



<4095> CHOICE 
(10) ' .4.3.0.3.8 



=0x0034003300300033003 8 



<4084> 



:46 UDPCHAN: 3> . . . <514> terminal = (4294967185) 

:46 UDPCHAN: 3> . . . <515> mc = (0) . <0> BOOLEAN 

:46 UDPCHAN 

:46 UDPCHAN 

:46 UDPCHAN 

:46 UDPCHAN: 4> . . . . <519> el64 = (5) '43038' =0x3433303338 . <4089> IA5String (1..128) 
FROM '#*, 0123456789' 

14:48:46 UDPCHAN: 3> 

14:48:46 UDPCHAN: 4> 
BMPString (1. .256) 

14:48:46 UDPCHAN: 2> . . <524> gatekeeperldentif ier = (36) ' . S . i . e .m. e . n. s . . G. a. t . e . k. e . e .p. e . r ' 
=0x005300690065006d0065006e007300200047006100740065006b00650065007000650072 . <3610> BMPString 
(1. .128) 

14:48:46 UDPCHAN: 2> . . <527> endpoint Vendor = (4294967185) . <4186> SEQUENCE ... 

14:48:46 UDPCHAN: 3> . . . <528> vendor = (4294967185) . <4169> SEQUENCE ... 

14:48:46 UDPCHAN: 4> . . . . <529> t35CountryCode = (11) . <45> INTEGER (0..255) 

14:48:46 UDPCHAN: 4> . . . . <530> t35Extension = (11) . <45> INTEGER (0..255) 

14:48:46 UDPCHAN: 4> . . . . <531> manufacturerCode = (11) . <155> INTEGER (0.. 65535) 

14:48:46 UDPCHAN: 3> . . . <532> productld = (16) 'Test application' 



=0x5 4657374206170706c69636174696f6e 



<4181> OCTET STRING (1..256) 



14:48:46 UDPCHAN: 
STRING (1. .256) 



3> 



<534> versionld 



14 
14 
14 
14 
14 



4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 



(9) 

^ (1) 



'RADVision' 



=0x524144566973696f6e 



<4181> OCTET 



2> . . <536> cryptoTokens = (1) . <752> SET OF CHOICE ... 

3> . . . <537> * = (12045) . <3421> CHOICE ... 

4> . . . . <538> nestedcryptoToken = (7371) . <384> CHOICE ... 

5> <539> cryptoSignedToken = (4294967185) . <366> SEQUENCE 

6> <540> tokenOID = (7) { itu-t recommendation h 235 2 20 



<171> 



OBJECT IDENTIFIER 



14 
14 
14 



4 6 UDPCHAN 
4 6 UDPCHAN 
4 6 UDPCHAN 



6> <542> token = (4294967185) . <351> SEQUENCE 

7> <543> toBeSigned = (4294967185) . <471> SEQUENCE ... 

8> <544> tokenOID = (7) { itu-t recommendation h 235 2 21 }. 



<171> OBJECT IDENTIFIER 



14 
14 
14 



4 6 UDPCHAN 
4 6 UDPCHAN 
4 6 UDPCHAN 



i> <546> timeStamp = (1023194925) . <738> INTEGER (1..-1) 

i> <547> dhkey = (4294967185) . <699> SEQUENCE ... 

3> . _ <548> halfkey = (1024) 

") AsXz9. -Ir-4.at • e . pel . Qaas : Z14. 6t$± .SsiDd [ 3 Je,>.^eE~ .6]U?v"a>iA/ 



'6 a < (.s.O,8I«"\PaOo".®cNiae$. ^Ce 1 

i a eq)MaA p&T0v3 2 &UaOE\ 3 >IYRup ' 

=0xf6aa3c28039a01d5b83 8cfab925c50e0d5 6f93 0cae63dledele9241bb9d64380b91e0d018 82 9c2 9a5 87a3 905 9d4 972 8d3 

412 6174 90e90b70e7cdl651e2e3733a8ebd0ed28 624bl0fae73 6944 645bb34ae8823el4ac65cb9814f45d553f7 691e6efc52 

fcfaae971294de5c520702654307633b22655e3d2c85cb39b495952fb70 . <695> BIT STRING (0..2048) 

14:48:46 UDPCHAN: 9> <555> modSize = (1024) 

'yyyyyyyyE.Ut ! hA4A£b< €U . N ) . N . Sglt . . 3 4 | ; . >"QJ.yZ4. Yi- . 3 i:C.O+.m6_.70a5mmQAEa...uvb~~j£6LBe |7ik.y\I6. -ii8k 
uZ°s-oY¥®Y$ . | K . a I ( f QisS • yyyyyyyy ' 

=0xffffffffffffffffc90fdaa22168c234c4c6628b80dclcdl2 9024e088a67cc74020bbea63bl39b22514a0 87 98e3404dde 
f9519b3cd3a431b302b0a6df25fl4374fel35 6d6d51c245e4 85b57 6625e7ec6f44c42e9a637ed6b0bff5cb6f40 6b7edee3 8 6 
bfb5a899fa5ae9f24117c4blfe649286651ece65381ffffffffffffffff . <695> BIT STRING (0..2048) 



14 
(0 

14 
14 
14 



48:46 UDPCHAN: 
.2048) 



9> 



<562> generator 



(8) 



= 0x02 



<695> BIT STRING 



48:46 UDPCHAN: 8> <564> random = (41) . <735> INTEGER 

48:46 UDPCHAN: 8> <565> certificate = (4294967185) . <628> SEQUENCE ... 

48:46 UDPCHAN: 9> <566> type = (7) { itu-t recommendation h 235 2 23 }. 

<171> OBJECT IDENTIFIER 

14:48:46 UDPCHAN: 9> <568> certificate = (679) 

'0,.£0, 20...*tHt-r 0- -1 (0&. .U. . . . IPL Certification Authority 

RSA1.0. . .U. .. . del.0. . .U. .. .Siemens AG1 . . . .U. . . . ZT IK 3' 

=0x308202a33082020ca003020102020132300d06092a864886f70d0101050500308181312830260603550403131f49504c2 

043 657274 69666963 6174 696f6e204 17574 68 6f72 69747 92052534 13 10b3 90 60355 040 61302 64 653 11330 110 60355 04 0a! 

30a5369656d656e732041473110300e060355040bl3075a5420494b2033 . <183> OCTET STRING 

14:48:46 UDPCHAN: 8> <598> generallD = (36) ' . S . i . e .m. e . n . s . . G . a . t . e . k . e . e . p . e . r ' 

=0x005300690065006d0065006e007300200047006100740065006b00650065007000650072 . <725> BMPString 

(1. .128) 
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14:48:46 UDPCHAN: 7> <601> algorithmOID 

<171> OBJECT IDENTIFIER 

14:48:46 UDPCHAN: 7> <603> paramS = (4294967185) 

14:48:46 UDPCHAN: 8> <604> null = (4294967173) 

14:48:46 UDPCHAN: 7> <605> signature = (1024) 

'A-OE0 2 Oa} . fK¥ (_%N~Qa • ?...o„ " . " eH¥ . e3«i5 .CEzuiel ;ME~r x io6D 3 48 ; . .h > a 

t„.-'-< "?Liio--I.~i-„~; {a. -EON' 

=0x41813 045f8b23 617d0f664ba52 85f254e9851e4 9de7 85f5 84 9101a8 65bda5 6eaf0abef351b8c7afaede8ccal4d455e7 

2b9cdf6d5d0be38al0408 68 9baala3ae5 9998eb5ac710 80edal0f3c5a8ca4ef985 61e916b6f7clb75 9123044b6ad473aaeaf 

8748412acb78b923f4ccfecf58197cc037eef8184983b7be01c9dc64fdl . <243> BIT STRING 



(9) { iso member-body 840 113549 115}. 



<507> SEQUENCE . . . 
<9> NULL 

"~eZC.€i j . <ZCEni~V. "ko I . u"#.Kj6s a e0 



14 
14 
14 
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4 6 UDPCHAN 
4 6 UDPCHAN 



2> . . <612> keepAlive = (0) . <0> BOOLEAN 

2> . . <613> willSupplyUUIEs = (0) . <0> BOOLEAN 

2> . . <614> maintainConnection = (0) . <0> BOOLEAN 



6.3 RCF with DH Set of GK received by the client with signed 
token 



GK DH-random: (1 024 bits) 



939026824715467020180660911868049803879060150657833873050442050831300032589924827685350 9228147732 
88283197304209736559972 92393412337374634110544 62 6634732015153773012864764269211617363255175192022 
1668985166616300045437680107010993667772447261688573562223788685881307798416443383537252191409119 
89964818051098489 



14 


48 


46 


UDPCHAN 


INFO - 


New message 


(channel 


0) 


recv 


< — 


- registrationConf irm: 
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48 


46 


UDPCHAN 


Address 


































14 


48 


46 


UDPCHAN 


0> <1159> 


TransportAddress = 


= (0) 


<4579> 


CHOICE . 






14 


48 


46 


UDPCHAN 


1> . < 


1160> ipAddress 


= 


(0) 




<4570> SEQUENCE 






14 
(4 

14 


48 

A 


46 


UDPCHAN 


2> . . 


<1161> ip = 


(4 


' < 


.Eu' = 


=0x8bl7cbb5 <139 . 23 . 203 . 181> 


<4520> OCTET S 


• 4 

48:46 


UDPCHAN 


2> . . 


<1163> port 


= 


(1719) 




<155> 


INTEGER 


(0. .65535) 
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48 


46 


UDPCHAN 


Binary : 
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00000 


12 
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a9 


06 


00 


08 


91 


4a 


00 


04 


01 


00 


8b 17 


cb 


.A+©. . . " J. . . .< .E | 
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48 


46 
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00016 


b5 


06 


b8 


02 


02 


00 


76 


36 


b4 


04 


00 


34 


00 


33 00 


30 


]i. ... .v6'. .4.3.01 


14 


48 


46 


UDPCHAN 


00032 


00 


33 


00 


38 
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81 00 c6 c2 3d 31 fb 
fl fc a4 3c 13 64 ac 
b5 50 Od 79 ae 3c 09 
ab 2d 69 4b 73 dl d7 fl ea 



87 b7 f3 40 32 5c a2 a4 dl 

f8 70 cf d3 af 11 e3 71 a9 

66 63 ca 11 be 12 75 Ob d8 

f3 38 de 4d be 4e bO 



al 12 bd 4e 9b be fc 84 13 85 a3 a2 38 a4 f8 09 

0c 8c lb a3 df ec 56 92 75 3c dc fO c3 ac a9 97 

c7 ba 84 2e 21 bb f3 5b 5d 06 88 be 46 e6 a9 aa 

d4 7d 2a de 7f cf db 2a a5 5d b2 91 79 87 04 6b 

dO lb 02 03 01 00 01 a3 55 30 53 30 11 06 09 60 

86 48 01 86 f8 42 01 01 04 04 03 02 00 40 30 Id 

06 03 55 Id Oe 04 16 04 14 3b la 3d cc fb 26 fc 

c2 5e fc 12 39 79 b6 ab db a6 48 10 f7 30 If 06 

03 55 Id 23 04 18 30 16 80 14 06 78 87 5c 34 Oe 

65 82 67 67 4f 24 f4 93 31 a9 13 4f 58 b4 30 Od 
06 09 2a 86 48 86 f7 Od 01 01 05 05 00 03 81 81 
00 96 af dc If 28 8b Od 75 f8 d9 e5 93 36 a7 32 
42 81 8e b2 74 16 51 54 7d 2b b7 b8 aO c2 79 lb 
86 91 3c 92 3f a2 ef 02 d2 ee fa f5 66 6d a6 8e 
3d 90 40 e6 76 ff 25 d8 9b lc 67 18 16 3d 39 49 
4f d8 45 99 7f 7c ee 63 18 13 04 8b f8 28 4e 51 

66 13 df 06 bb bl 48 7f 21 6b 16 fa ff 4d 33 b2 
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01200 
01216 
01232 
01248 
01264 
01280 
01296 
01312 
01328 
01344 
01360 
01376 
01392 
01408 
01424 
Message : 

0> <1045> RasMessage = (0) . <2731> CHOICE .. 

1> . <1046> registrationConfirm = (4294967185) 
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2b e6 2a 60 d4 87 c9 b9 3a b8 9d 20 3c 7d ff 4b 
df el f7 ec 69 bO 28 01 41 7c fa f8 d4 81 9d ed 
2c Ob Ob ce 23 7b df 24 Oe 60 22 4b Of 4c c3 e7 
de 58 a2 a7 Oc la 12 Oe bf 3c 87 e6 86 12 3e 59 
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<2382> SEQUENCE 



2> 
2> 



<3594> OBJECT IDENTIFIER 
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4 6 UDPCHAN 

4 6 UDPCHAN 
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2> 
3> 

4> 
5> 



STRING (4. 



14 

14 
14 

14 



5> 
2> 
3> 

4> 



<1047> requestSeqNum = (11178) . <3615> INTEGER (1.. 65535) 
<1048> protocolldentif ier = (6) { itu-t recommendation h 2250 4 

<1050> callSignalAddress = (1) . <1151> SET OF CHOICE ... 
<1051> * = (10714) . <4579> CHOICE ... 
. <1052> ipAddress = (4294967185) . <4570> SEQUENCE 
. . <1053> ip = (4) '< .En' =0x8bl7cbb5 <139 . 23 . 203 . 181> 



<4520> OCTET 



. . <1055> port = (1720 
<1056> terminalAlias 
<1057> * = (8122) 
. <1058> el64 = (5 



<155> INTEGER (0.. 65535) 
(2) . <1147> SET OF CHOICE ... 
<4095> CHOICE . . . 
43038' =0x3433303338 . <4089> IA5String (1. 



.128) 



<1060> * = (9613) 
. <1061> h323-ID ■■ 



<4095> CHOICE 
(10) ' .4.3.0.3.8 



=0x0 0340 03300300033003 8 



<4084> 



:46 UDPCHAN 

:46 UDPCHAN 

:46 UDPCHAN 

:46 UDPCHAN 
FROM '#*, 0123456789' 
14:48:46 UDPCHAN: 3> 
14:48:46 UDPCHAN: 4> 
BMPString (1. .256) 

14:48:46 UDPCHAN: 2> . . <1063> gatekeeperldentif ier = (36) ' . S . i . e .m. e . n . £ 
= 0x0 053 00 6900 65 00 6d00 65 00 6e0073 02 04700 610074 65 6b0 65 65 007 00 650072 
(1. .128) 

14:48:46 UDPCHAN: 2> . . <1066> endpoint Identifier = (84) 

'.0.0.0.0.0.0.2.0.0.6.6.0.7.3.3.0.4.9.9.8.5.9.3.1.1.7.2.0.3.0.4.9.9.8.5.9.3.1.1. 
=0x0 03 00 03 00 03 00 03 00 03 00 0300 032 03 00 03 00 03 60 03 60 03 00 0370 033 033 03 00 0340 03 90 03 90 03 80 035 03 90 033 0310 
03100370032003000330030003400390039003800350039003300310031003600350038 . <3597> BMPString (1..128) 



.G.a.t.e.k.e.e.p.e 
<3610> BMPString 

.6.5.8' 
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2> . . <1071> cryptoTokens = (1) . <752> SET OF CHOICE 

3> . . . <1072> * = (12045) . <3421> CHOICE ... 

4> . . . . <1073> nestedcryptoToken = (7371) . <384> CHOICE ... 

5> <1074> cryptoSignedToken = (4294967185) . <366> SEQUENCE 

6> <1075> tokenOID = (7) { itu-t recommendation h 235 2 20 }. 



<171> OBJECT IDENTIFIER 
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6> <1077> token = (4294967185) . <351> SEQUENCE 

7> <1078> toBeSigned = (4294967185) . <471> SEQUENCE ... 

8> <1079> tokenOID = (7) { itu-t recommendation h 235 2 21 }. 



<171> OBJECT IDENTIFIER 

14:48:46 UDPCHAN: 8> <1081> timeStamp = (1023194926) . <738> INTEGER (1..-1) 

14:48:46 UDPCHAN: 8> <1082> dhkey = (4294967185) . <699> SEQUENCE ... 

14:48:46 UDPCHAN: 9> <1083> halfkey = (1024) 

'Dt ( .OaY-ada. ir:Ro-%fis<EPe@y- . 1 • c=f .V/ ! aEu ! fc"e2a ! Hea . "r.U] i»OeU..."2u-y$k, 6/1 . r@] r21t° • S- 
"0.de ln i.Yd. . i-CC\3eX.s.5F"Vq) . g 3 . T08i . .ce ' 

=0xd08 62 811d6e0dd8df0f2f00 6cf723a52f5 8d25fl9a8bc9deeb40ff8flab981e73d832e5 62f216145f9a6b6e7 94 6532e52 
148e9e40e92720ddb5decbbd6e9d985af32fa9dfd248 982d32fcf0b72405d723231a2b0b753 96afd61be880b992cel55 964 
e04cf7fa2c75c33eb581c9a2e3546225671290867b30b54d238ed0flb9c . <695> BIT STRING (0..2048) 

14:48:46 UDPCHAN: 9> <1090> modSize = (1024) 

'yyyyyyyyE.Ut ! hA4AJEb< €U . N) . N . Sglt . . 3 4 ! ; . > "Q J . y Z 4 . Yi • . 3 i:C.O+.m6_.70a5mmQAEa...pvb~~j£6LBe |7ik.y\16. -ii8k 

uZ°s-oY¥®Y$ . | K . si ( f Qi«S • yyyyyyyy ' 

=0xffffffffffffffffc90fdaa22168c234c4c6628b80dclcdl2 9024e088a67cc7 4 020bbea63bl39b22514a087 98e34 04dde 
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f9519b3cd3a431b302b0 
bfb5a8 99fa5ae9f24117 



14 
(0 

14 
14 
14 



48:46 UDPCHAN: 
.2048) 



a6df25fl4374fel356d6d51c245e4 85b57 6625e7ec6f44c42e9a637ed6b0bff5cb6f40 6b7edee38 6 

c4blfe649286651ece65381ffffffffffffffff . <695> BIT STRING (0..2048) 

> <1097> generator = (8) '.' =0x02 . <695> BIT STRING 



48:46 UDPCHAN 

48:46 UDPCHAN 

48:46 UDPCHAN 

<171> OBJECT IDENTIF 

14:48:46 UDPCHAN: 9 

'0, . -i0, 40. . 

RSA1.0. . .U. . . .del.O. 
=0x308202ac30820215a 
04365727469666963617 
30a5369656d656e73204 
14:48:46 UDPCHAN: 8 
'.0.0.0.0.0.0.2.0.0. 



> <109 

> <110 

> <1 

IER 

> <1 

.*+H + -r 0- -1 (OS. .U 

. .U. . . .Siemens AG1.0. . 
003020102020134300d0 60 
4696f6e20417574686f7 26 
1473110300e06035504 0bl 

> <113 

6.6.0.7.3.3.0.4.9.9.8. 



9> random = (41) . <735> INTEGER 

0> certificate = (4294967185) . <628> SEQUENCE ... 

101> type = (7) { itu-t recommendation h 235 2 23 }. 



103> 

.U. . 
92a8 

9747 
3075 

3> g 

5 



=0x00300030003000300 
03100370032003000330 
14:48:46 UDPCHAN: 8 
=0x005300690065006d0 
(1. .128) 

14:48:46 UDPCHAN: 7> . 
<171> OBJECT IDENTIFIER 



03000300032003000300036003 
03000340039003900380035003 

> <1138> 

6500 6e00730020004700 61007 



certificate = (688) 
IPL Certification Authority 
. . ZT IK 3 ' 

64886f7 0d0 101050500308181312830260603550403131 f4 
92 052534 13 10b300 90 60355040 61302 64 653 11330 110 6035 
a5420494b2033 . <183> OCTET STRING 
enerallD = (84) 

3.1.1.7.2.0.3.0.4.9.9.8.5.9.3.1.1.6.5.8' 
6003000370033003300300034003 9003 90 0380035003 9003 
9003300310031003600350038 . <725> BMPString (1. 
endersID = (36) ' . S . i . e .m. e . n. s . . G. a. t . e . k. e . e 
40065006b00650065007000650072 . <725> BMPString 



9504c2 
5040al 



300310 
.128) 
p. e . r ' 



<1141> algorithmOID = (9) { iso member-body 840 113549 115}. 



14:48:46 UDPCHAN: 7> . . . . 
14:48:46 UDPCHAN: 8> . . . . 
14:48:46 UDPCHAN: 7> . . . . 
. 13CnnzAe.-'6Zz. >np . L, \ . hAM~ + . 
<}yKBa+ii° (.A|uo6- •!, . .I#{6$ 
=0x8ffa5f0 6b7 8ccba918e80de312 
d982blf3e2be62a60d487c9b93ab8 
Cc3e7de5 8a2a7 0clal2 0ebf3c87e6 
> 



. . . <1143> paramS = (4294967185) 
.... <1144> null = (4294967173) 
. . . <1145> signature = (1024) '• 

>+s*~6tE 1 : , • 

' "K.LAcPXt§. . . . £<*st . >YHHa: 



<507> SEQUENCE . . . 
<9> NULL 
•CEE©.e.a.+ao~. Zn'O 



14 
14 
14 

14 
14 
14 
14 



4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 

4 6 UDPCHAN 



x\ . j_jj-i ij,f av^. . . . ^ -» + a; i ,/iima. . Vii J® 

:2be2f37el4 8efl27d52003 6c33c7 6efl7a41eb2eacf65a9ell9bfldel94c825c03 68c44 
'9d203c7dff4bdfelf7ec69b02 801417cfaf8d4 819ded2c0b0bce237bdf240e60224b0f4 
86123e594848e53a921276dfb94aae . <243> BIT STRING 

<1152> willRespondToIRR = (0) . <0> BOOLEAN 

<1153> preGrantedARQ = (4294967185) . <2355> SEQUENCE ... 

. <1154> makeCall = (0) . <0> BOOLEAN 

. <1155> useGKCallSignalAddressToMakeCall = (0) . <0> BOOLEAN 

. <1156> answerCall = (0) . <0> BOOLEAN 

. <1157> useGKCallSignalAddressToAnswer = (0) . <0> BOOLEAN 

<1158> maintainConnection = (0) . <0> BOOLEAN 



6.4 ARQ now with baseline security received by the 
Gatekeeper with CryptoHashedToken 



14 : 
14: 
14: 
14: 
14: 
(4. 
14 : 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14 : 
14: 
14: 
14 : 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14: 
14 : 
14: 
14: 
14: 
14: 
14: 
14: 
14: 



' .0. 

=0x0 



00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 
0.0.1.1.2.0 
00030003000 



INFO - New message (channel 0) recv < — admissionRequest : 

Address : 
0> <1068> TransportAddress = (0) . <4579> CHOICE ... 
1> . <1069> ipAddress = (0) . <4570> SEQUENCE 
2> . . <1070> ip = (4) '< .Eu' =0x8bl7cbb5 <139 . 23 . 203 . 181> 



<4520> OCTET STRING 



2> . 

Binary 

00000 

00016 

00032 

00048 

00064 

00080 

00096 

00112 

00128 

00144 

00160 

00176 

00192 

00208 

00224 

00240 

00256 

00272 

00288 

00304 

00320 

00336 

00352 

00368 

Message 

0> <10 

1> 

2> 

2> 

3> 

2> 

3> 

2> 

.0.7.1.4 
30003100 



<1072> port 



(1660) 



<155> INTEGER (0.. 65535) 



27 90 
00 31 
00 31 
00 39 
00 30 
00 31 

02 02 

33 00 

03 77 
00 01 

34 34 
65 00 
6b 00 
00 08 
05 cO 
6d 00 
65 00 
52 00 
30 00 

30 00 

31 00 
39 00 
36 00 
d5 f6 



3f b4 

00 32 
00 33 
00 33 
00 34 
00 31 
00 86 
8b 17 
00 00 
00 11 
34 34 
6e 00 
65 00 
81 6b 
3c f c 
65 00 
6b 00 
30 00 

30 00 
34 00 

31 00 
39 00 
36 00 
a8 21 



0a 90 
00 30 
00 30 
00 31 
00 39 00 
00 36 
73 64 
cb b5 
10 32 
00 02 
ef 25 
73 00 
65 00 
00 02 
b7 3b 
6e 00 
65 00 
30 00 
37 00 
39 00 
37 00 



00 30 00 

00 30 00 

00 34 00 

00 31 00 

39 00 

00 36 00 
04 00 35 
06 7d 40 
Oe 56 34 
17 c3 03 
22 00 53 
20 00 47 
70 00 65 

01 c5 00 
01 2a 22 
73 00 20 
65 00 70 

30 00 30 

31 00 34 
39 00 38 

32 00 30 
00 35 00 39 
07 00 08 81 



36 

3C 

75 bf 18 79 4f 



00> RasMessage = (0) . <273 
1001> admissionRequest = (42 
<1002> requestSeqNum = (163 
<1003> callType = (13487) . 
. <1004> pointToPoint = (42 
<1005> callModel = (9058) . 
. <1006> gatekeeperRouted = 
<1007> endpoint Identifier = 
7.1.3.0.4.9.9.8.5.9.3.1.1.7 
3100320030003000370031003400 



30 00 30 00 30 00 31 

37 00 31 00 34 00 37 

39 00 39 00 38 00 35 

37 00 32 00 30 00 33 

38 00 35 00 39 00 33 
30 01 02 00 76 36 bO 
00 33 00 34 00 30 00 
05 00 29 40 02 17 c3 
34 34 34 ef 08 e5 20 
77 00 00 10 32 Od 56 
00 69 00 65 00 6d 00 
00 61 00 74 00 65 00 
00 72 80 ae 01 74 07 
07 00 08 81 6b 00 02 
00 53 00 69 00 65 00 
00 47 00 61 00 74 00 
00 65 00 72 02 80 55 
00 31 00 31 00 32 00 
00 37 00 31 00 33 00 
00 35 00 39 00 33 00 
00 33 00 30 00 34 00 
00 33 00 31 00 31 00 
6b 00 02 06 00 60 bf 
4f e9 01 00 

ICE . . . 

85) . <2004> SEQUENCE ... 
<3615> INTEGER (1.. 65535) 
9> CHOICE . . . 
73) . <9> NULL 
0> CHOICE . . . 
967173) . <9> NULL 



'•?'.-. 0.0. 0.0.1 
.1.2.0.0.7.1.4.7 
.1.3.0.4.9.9.8.5 
.9.3.1.1.7.2.0.3 
.0.4.9.9.8.5.9.3 
.1.1.6.6.0.. .v6° 
. . . tsd. .5.3.4.0. 
3.< .Eu. }@. . ) @. .A 
.w. . .2.V4444I.a 

A.w. . .2.V 

4444i%" .S.i.e.m. 
e.n.s. .G.a.t.e. 
k . e . e . p . e . r€® . t . 
. . -k. . .A. . . . -k. . 
. A<ii- ; . *" . S. i.e. 
m. e.n.s. .G.a.t. 
e.k.e.e.p.e.r .€U 
R. 0.0. 0.0. 1.1. 2. 
0.0.7.1.4.7.1.3. 
0.4.9.9.8.5.9.3. 
1.1.7.2.0.3.0.4. 
9.9.8.5.9.3.1.1. 
6.6.0. . . -k. ... ' i 
Oo" !u£ . yOOe. . I 



1> 
949 
09) 
< 
949 



(4 
(8 

.2. 

370 



CHO 
671 

198 

671 

198 

294 

4) 

0.3 

031 



.0.4.9.9.8.5.9.3.1.1.6.6.0' 
00330030003400390039003800350039003300310 



ETSI 



23 



ETSI TS 101 888 V4.2.1 (2003-12) 



031003 
14:49: 
14:49: 
14:49: 
FROM ' 
14:49: 
14:49: 
14:49: 
FROM ' 
14:49: 
14:49: 
BMPStr 
14:49: 
14:49: 
14:49: 
STRING 
14:49: 
14:49: 
14:49: 
14:49: 
= 0x021 
14:49: 
14:49: 
14:49: 
14:49: 
14:49: 
= 0x021 
14:49: 
= 0x005 
(1. .12 
14:49: 
14:49: 
14:49: 
14:49: 
14:49: 
OBJECT 
14:49: 
14:49: 
<171> 
14:49: 
14:49: 
14:49: 
=0x005 
(1. .12 
14:49: 
' .0.0. 
= 0x003 
031003 
14:49: 
14:49: 
<171> 
14:49: 
14:49: 
14:49: 
<243> 
14:49: 



7003200300033003000 
> 



00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
#*, 0123456789' 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
#*, 0123456789' 
00 UDPCHAN: 
00 UDPCHAN: 
ing (1..256) 
00 UDPCHAN: 
00 UDPCHAN: 
00 UDPCHAN: 

(4. .4) 
00 UDPCHAN: 
00 UDPCHAN: 
00 UDPCHAN: 
00 UDPCHAN: 



> 
> 

7c30377000010320e56 



00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
7c303770000103 
00 UDPCHAN: 2 
300690065006d0 
8) 

00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 

IDENTIFIER 
00 UDPCHAN: 
00 UDPCHAN: 



3400390039003800350039003300310031003600360030 . <3597> BMPString (1..128) 

<1012> destinationlnfo = (1) . <1147> SET OF CHOICE ... 
. <1013> * = (8122) . <4095> CHOICE ... 

. . <1014> el64 = (5) '43038' =0x3433303338 . <4089> IA5String (1..128) 

<1016> srclnfo = (2) . <1147> SET OF CHOICE ... 

. <1017> * = (8122) . <4095> CHOICE ... 

. . <1018> el64 = (5) '53403' =0x3533343033 . <4089> IA5String (1..128) 

. <1020> * = (9613) . <4095> CHOICE ... 

. . <1021> h323-ID = (10) '.5.3.4.0.3' =0x00350033003400300033 . <4084> 

<1023> srcCallSignalAddress = (10714) . <4579> CHOICE ... 

. <1024> ipAddress = (4294967185) . <4570> SEQUENCE 

. . <1025> ip = (4) '< .Eu' =0x8bl7cbb5 <139 . 23 . 203 . 181> 



<4520> OCTET 



. . <1027> port = (1661) . 
<1028> bandwidth = (1280) 
<1029> callReferenceValue : 
<1030> conferencelD = (16) 



<155> INTEGER (0.. 65535) 
<3606> INTEGER (0..-1) 
(10560) . <3602> INTEGER (0.. 65535) 
' . .A.w. . .2.V4444I' 



34343434ef . <3620> OCTET STRING (16.. 16) 

<1032> activeMC = (0) . <0> BOOLEAN 

<1033> answerCall = (0) . <0> BOOLEAN 

<1034> canMapAlias = (0) . <0> BOOLEAN 

<1035> callldentifier = (4294967185) . <3568> SEQUENCE 

. <1036> guid = (16) ' . . A. w. . . 2 . V4444I ' 
20d5634343434ef . <3625> OCTET STRING (16.. 16) 
> . . <1038> gatekeeperldentif ier = (36) ' . S . i . e .m. e . n. 
6500 6e00730020004700 61007400 6500 6b00 6500 65007000 65 0072 



G.a.t .e.k.e.e.p.e.r ' 



> 



<3610> BMPString 

<1041> cryptoTokens = (1) . <752> SET OF CHOICE ... 

. <1042> * = (12045) . <3421> CHOICE ... 

. . <1043> nestedcryptoToken = (7314) . <384> CHOICE ... 

. . . <1044> cryptoHashedToken = (4294967185) . <339> SEQUENCE 

.... <1045> tokenOID = (7) { itu-t recommendation h 235 021}. <171> 



> . 

> . 

'■i: )L'"'_ _ ..'L:.jifier 

> . 

> . 



<1047> hashedVals 
. <1048> tokenOID 



(4294967185) . <556> SEQUENCE ... 

(7) { itu-t recommendation h 235 2 5}. 



> 



00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

300690065006d006500 

8) 

00 UDPCHAN: 7> . . 

0.0.1.1.2.0.0 



<1050> timeStamp = (1023194940) . <738> INTEGER (1..-1) 

<1051> random = (42) . <735> INTEGER 

<1052> generallD = (36) ' . S . i . e .m. e . n . s . . G . a . t . e . k . e . e . p . e . r ' 

6e007300200047006100740065006b00650065007000650072 . <725> BMPString 



.7.1.4 



0003000300030003100 

7003200300033003000 
00 UDPCHAN: 6> . . 
00 UDPCHAN: 7> . . 
OBJECT IDENTIFIER 



<1055> sendersID = (84) 

.7.1.3.0.4.9.9.8.5.9.3.1.1.7.2.0.3.0.4.9.9.8.5.9.3.1.1.6.6.0' 

3100320030003000370031003400370031003300300034003 9003 90 0380035003 9003300310 
3400390039003800350039003300310031003600360030 . <725> BMPString (1..128) 

.... <1060> token = (4294967185) . <532> SEQUENCE 

<1061> algorithmOID = (7) { itu-t recommendation h 235 2 6}. 



14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

(4. .4) 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

STRING 

14:49 

14:49 

14:49 

14:49 

FROM ' 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

14:49: 

OBJECT 



00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
BIT STRING 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 



7> 
8> 

7> 



<1063> paramS = (4294967185) . <507> SEQUENCE . . . 

. <1064> null = (4294967173) . <9> NULL 

<1065> hash = (96) ' £06" ! u£ . yOOe ' =0xbf d5f 6a82175bf 18794f 4f e9 



2> . . 
INFO - 
Address 
0> <11 
1> . < 
2> . . 



<1067> willSupplyUUIEs : 
New message (channel 0) 



(0) . <0> BOOLEAN 

sent — > admissionConf irm: 



11> TransportAddress = (0) . <4579> CHOICE ... 
1112> ipAddress = (0) . <4570> SEQUENCE 
<1113> ip = (4) '< .Eu' =0x8bl7cbb5 <139 . 23 . 203 . 181> 



<4520> OCTET STRING 



00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

(4. .4) 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 
,0123456789 



00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 
IDENTIFIER 



2> . . 
Message 
0> <10 
1> 
2> 
2> 
2> 
3> 
2> 
3> 
4> 

4> 
2> 
3> 

4> 

2> 
3> 
3> 
3> 
2> 
3> 
4> 
5> 
6> 



<1115> port 



(1660) 



<155> INTEGER (0.. 65535) 



76> RasMessage = (0) . <2731> CHOICE ... 

1077> admissionConfirm = (0) . <1884> SEQUENCE ... 
<1110> requestSeqNum = (16309) . <3615> INTEGER (1.. 65535) 
<1078> bandwidth = (1280) . <3606> INTEGER (0..-1) 
<1079> callModel = (0) . <1980> CHOICE ... 
. <1096> gatekeeperRouted = (0) . <9> NULL 
<1105> destCallSignalAddress = (0) . <4579> CHOICE ... 
. <1106> ipAddress = (0) . <4570> SEQUENCE 
. . <1107> ip = (4) '< .Eu' =0x8bl7cbb5 <139 . 23 . 203 . 181> . 



<4520> OCTET 



. . <1109> port = (1720) . <155> INTEGER (0.. 65535) 

<1097> destinationlnfo = (0) . <1147> SET OF CHOICE ... 

. <1098> * = (0) . <4095> CHOICE ... 

. . <1099> el64 = (5) '43038' =0x3433303338 . <4089> IA5String (1..128) 

<1101> destinationType = (0) . <4403> SEQUENCE ... 

. <1102> terminal = (0) . <4204> SEQUENCE ... 

. <1103> mc = (0) . <0> BOOLEAN 

. <1104> undefinedNode = (0) . <0> BOOLEAN 

<1116> cryptoTokens = (4294966741) . <752> SET OF CHOICE ... 

. <1117> * = (4294966741) . <3421> CHOICE ... 

. . <1118> nestedcryptoToken = (4294966741) . <384> CHOICE ... 

. . . <1119> cryptoHashedToken = (4294966741) . <339> SEQUENCE 

.... <1120> tokenOID = (7) { itu-t recommendation h 235 021}. <171> 
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14: 

14: 

<17 

14: 

14: 

14: 

' .0 

= 0x 

031 

14 

= 0x 

(1. 

14: 

14: 

<17 

14: 

14: 

14: 

<24 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14 : 



49:00 UDPCHAN: 6 
49:00 UDPCHAN: 7 
1> OBJECT IDENTIF 



00 UDPCHAN 
00 UDPCHAN 
00 UDPCHAN 



> . 

> . 

IER 

> . 

> . 

> . 



<1122> hashedVals 
. <1123> tokenOID 



(4294966741) . <556> SEQUENCE ... 

(7) { itu-t recommendation h 235 2 5}. 



0.0.0.1.1.2.0.0.7.1.4 



0030003000300030003100 

0037003200300033003000 

49:00 UDPCHAN: 7> . . 

00530 690 650 6d00 65 

.128) 

49:00 UDPCHAN: 6 

49:00 UDPCHAN: 7 

1> OBJECT IDENTIF 



49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 
3> BIT STRING 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 



7 



> 
> 

IER 

> 

> 



7> 



> 



Bl 
00 
00 
00 
00 
00 
00 
00 
00 
00 
00 
00 
00 
00 




nary 

000 

016 

032 

048 

064 

080 

096 

112 

128 

144 

160 

176 

192 

208 



<1134> timeStamp = (1023194940) . <738> INTEGER (1..-1) 

<1133> random = (18468) . <735> INTEGER 

<1125> generallD = (84) 

.7.1.3.0.4.9.9.8.5.9.3.1.1.7.2.0.3.0.4.9.9.8.5.9.3.1.1.6.6.0' 

31003200300030003700310034003700310033003000340039003900380035003 9003300310 
3400390039003800350039003300310031003600360030 . <725> BMPString (1..128) 

<1130> sendersID = (36) ' . S . i . e .m. e . n. s . . G. a. t . e . k. e . e .p. e . r ' 

6e007300200047006100740065006b00650065007000650072 . <725> BMPString 

.... <1135> token = (4294966741) . <532> SEQUENCE 

<1136> algorithmOID = (7) ( itu-t recommendation h 235 2 6}. 



<1138> paramS = (4294966741) . <507> SEQUENCE ... 

. <1139> null = (0) . <9> NULL 

<1140> hash = (96) ' < . Eu I . . . . y . y ' =0x8bl7cbb57c06000000f f OOf f . 



<1081 
<1082 
<10 
<10 
<10 
<10 
<10 
<10 
<10 
<10 
<10 
<10 
<10 
<10 
<10 



willRespondToIRR = 
uuiesRequested = (0 

> setup = (0) . <0 

> callProceeding = 

> connect = (0) . 

> alerting = (0) . 

> information = (0) 

> releaseComplete = 

> facility = (0) . 

> progress = (0) . 

> empty = (0) . <0 

> status = (0) . 

> statuslnquiry = 

> setupAcknowledge 

> notify = (0) . 



(0) . <0> BOOLEAN 
) . <1829> SEQUENCE 

> BOOLEAN 
(0) . <0> BOOLEAN 

<0> BOOLEAN 
<0> BOOLEAN 

<0> BOOLEAN 
(0) . <0> BOOLEAN 
<0> BOOLEAN 
<0> BOOLEAN 

> BOOLEAN 
<0> BOOLEAN 
(0) . <0> BOOLEAN 

= (0) . <0> BOOLEAN 
<0> BOOLEAN 



2a 

cO 

07 

02 

30 

31 

3 

32 

35 

80 

73 

65 

60 

80 



00 



3f b4 

00 06 01 

00 08 81 

05 cO 3c 

00 30 00 

00 34 00 

9 00 38 00 

00 30 00 

00 39 00 

25 22 00 

00 20 00 

00 70 00 
f5 7e 16 

01 f8 01 



40 05 

02 00 

6b 00 

fc b7 

31 00 

37 00 

35 00 

33 00 

33 00 

53 00 

47 00 

65 00 

8b 8f 

00 01 



00 40 

76 36 

02 01 

3b 02 

31 00 

31 00 

39 00 

30 00 

31 00 
69 00 
61 00 
72 07 
75 4f 
00 01 



8b 17 
bO 02 
c5 00 
48 24 

32 00 

33 00 

33 00 

34 00 
31 00 
65 00 
74 00 
00 08 
52 81 
00 01 



cb b5 06 

02 00 80 

07 00 08 
52 

30 00 30 

30 00 34 

31 00 31 
39 00 39 
36 00 36 
6d 00 65 
65 00 6b 
81 6b 00 
cf ef 82 
00 



b8 29 44 

af 01 74 

81 6b 00 

30 00 30 00 

00 37 00 

00 39 00 

00 37 00 

00 38 00 

00 30 02 

00 6e 00 

00 65 00 
02 06 00 

01 00 0b 



*.?'@ 


.@< .Eu. 


)D 


A. . . . 


v6° . . .€ 


".t 


. . . -k 


. .A. . . . 


k. 


. .A<u 


; .H$R.O 


0. 


0.0.1 


1.2.0.0 


7 


1.4.7 


1.3.0.4 


9 


9.8.5 


9.3.1.1 


7. 


2.0.3 


0.4.9.9 


8 


5.9.3 


1.1.6.6 


n 


€%".S 


i . e .m. e 


n . 


s. .G 


a. t . e . k 


e . 


e .p. e 


r. . . -k. 




o~ . < 


uOR-Ii, 





€.0. 



6.5 ACF received by the Client with cryptohashed token 



14:49 

14:49 

14:49 

14:49 

14:49 

(4. .4 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49 

14:49 

14:49 

14:49 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49 

14:49 

14:49 

14:49 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

14:49:0 

STRING 

14:49:0 







00 UDPCHAN 



)0 UDPCHAN 

)0 UDPCHAN 

UDPCHAN 

UDPCHAN 



UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
UDPCHAN 
(4. .4) 
UDPCHAN 



INFO - New message (channel 0) recv < — admissionConf irm: 

Address : 
0> <1870> TransportAddress = (0) . <4579> CHOICE ... 
1> . <1871> ipAddress = (0) . <4570> SEQUENCE 
2> . . <1872> ip = (4) '< .Eu' =0x8bl7cbb5 <139 . 23 . 203 . 181> 



2> . 

Binary : 

00000 

00016 

00032 

00048 

00064 

00080 

00096 

00112 

00128 

00144 

00160 

00176 

00192 

00208 

Message : 

0> <181 

1> . <1 

2> 

2> 

2> 

3> 

2> 

3> 

4> 

4> 



<1874> port 

2a 00 2b aa 40 

cO 00 02 02 00 

01 c5 00 07 00 

01 2b 52 00 30 

32 00 30 00 30 

33 00 30 00 34 

33 00 31 00 31 

34 00 39 00 
31 00 36 00 35 
65 00 6d 00 65 
74 00 65 00 6b 
00 08 81 6b 00 
0b cO 8d 38 e9 
00 01 00 



(1719) 



<155> INTEGER (0.. 65535) 



05 00 40 8b 17 cb b5 06 

80 ae 01 74 07 00 08 81 

08 81 6b 00 02 05 cO 3c 

00 30 00 30 00 

00 36 00 36 00 

00 39 00 39 00 38 



00 37 00 32 00 

39 00 38 00 35 00 

00 38 02 80 25 

00 6e 00 73 00 

00 65 00 65 00 
02 06 00 60 03 

01 00 0b 80 01 



30 00 30 

30 00 37 

38 00 35 
30 00 33 

39 00 33 
22 00 53 
20 00 47 
70 00 65 
19 a2 69 
f8 01 00 



79 28 44 
6b 00 02 
fc b7 3b 
00 30 00 
00 33 00 
00 39 00 
00 30 00 
00 31 00 
00 69 00 
00 61 00 

00 72 07 
db lc 38 

01 00 01 



<4520> OCTET STRING 



1 * . + a @ 


.@< 


Eu.y (D 


|A. . . .€®.t 


. . -k. . | 


1 .A. . . . -k. 


,A<u- 




. +R.0 





0.0.0 




12.0.0 


6 6 


0.7.3 




13.0.4 


9 9 


8.5.9 




13.1.1 


7.2 


0.3.0 




14.9.9 


8 5 


9.3.1 




11.6.5 


8.e'- 


s " . S . i 




e .m. e 


n. s 


.G.a 




t.e.k 


e . e 


p. e . r 




1 . . -k. 




. CiU.8 I 


.A-8e 
1 . . . 1 


. .€ 


0. . . . 





4> RasMessage = (0) . <2731> CHOICE ... 

815> admissionConfirm = (4294967185) . <1884> SEQUENCE ... 

<1816> requestSeqNum = (11179) . <3615> INTEGER (1.. 65535) 

<1817> bandwidth = (1280) . <3606> INTEGER (0..-1) 

<1818> callModel = (9058) . <1980> CHOICE ... 

. <1819> gatekeeperRouted = (4294967173) . <9> NULL 

<1820> destCallSignalAddress = (10714) . <4579> CHOICE ... 

. <1821> ipAddress = (4294967185) . <4570> SEQUENCE 

. . <1822> ip = (4) '< .Eu' =0x8bl7cbb5 <139 . 23 . 203 . 181> . <4520> OCTET 



<1824> port 



(1657) 



<155> INTEGER (0.. 65535) 



ETSI 
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00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

00 UDPCHAN 

IDENTIFIER 

00 UDPCHAN: 

00 UDPCHAN: 



:00 UDPCHAN 
:00 UDPCHAN 
:00 UDPCHAN 



14:49: 
14:49: 
14:49: 
14:49: 
14:49: 
14:49: 
14:49: 
14:49: 
14:49: 
OBJECT 
14:49: 
14:49: 
<171> OBJECT IDENTIF 
14:49 
14:49: 
14:49 
.0.0.0.0.0.0.2.0.0 



<1825> destinationType = (4294967185) . <4403> SEQUENCE ... 

. <1826> terminal = (4294967185) . <4204> SEQUENCE ... 

. <1827> mc = (0) . <0> BOOLEAN 

. <1828> undefinedNode = (0) . <0> BOOLEAN 

<1829> cryptoTokens = (1) . <752> SET OF CHOICE ... 

. <1830> * = (12045) . <3421> CHOICE ... 

. . <1831> nestedcryptoToken = (7314) . <384> CHOICE ... 

. . . <1832> cryptoHashedToken = (4294967185) . <339> SEQUENCE 



> <1833> tokenOID 



(7) { itu-t recommendation h 235 2 1}. 



<171> 



(4294967185) . <556> SEQUENCE .. 
(7) ( itu-t recommendation h 235 



=0x 

031 

14 

= 0x 

(1. 

14: 

14: 

<17 

14: 

14: 

14: 

<24 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

14: 

[PR 

14: 

14: 

14: 

14: 

225 

14: 

14: 

14: 

14: 

14: 

14: 

(0. 

14: 

=0x 

14 

= 0x 

14: 

14: 

14: 

14: 

14: 

= 0x 

14 

14 
14 



00300030003000300 

00370032003000330 
49:00 UDPCHAN: 7 
005300690065006d0 
.128) 

49:00 UDPCHAN: 6 
49:00 UDPCHAN: 7 
1> OBJECT IDENTIF 
7 



> <1835> hashedVals 

> <1836> tokenOID 

IER 

> <1838> timeStamp = (1023194940) . <738> INTEGER (1. 

> <1839> random = (43) . <735> INTEGER 

> <1840> generallD = (84) 

6.6.0.7.3.3.0.4.9.9.8.5.9.3.1.1.7.2.0.3.0.4.9.9.8.5.9.3.1.1.6.5.8' 



2 5}. 



-1) 



03000300032003000300036003600300037003300330030003400390039003800350039003300310 
030003400390039003800350039003300310031003600350038 . <725> BMPString (1..128) 

> <1845> sendersID = (36) ' . S . i . e .m. e . n . s . . G . a . t . e . k . e . e . p . e . r ' 

065006e007300200047006100740065006b00650065007000650072 . <725> BMPString 



49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 
3> BIT STRING 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 UDPCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

.IVATE ] ... 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 
4}. <3594> 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 
.65535) 

49:00 TPKTCHAN : 
54657374206170706 

49:00 TPKTCHAN : 
524144566973696f6 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 

49:00 TPKTCHAN 
0217c303770000103 

49:00 TPKTCHAN : 

49:00 TPKTCHAN : 

49:00 TPKTCHAN : 



ER 



7> 



<1848> token = (4294967185) . <532> SEQUENCE 

. <1849> algorithmOID = (7) { itu-t recommendation h 235 2 6 



<1851> paramS = (4294967185) . <507> SEQUENCE . . . 

. <1852> null = (4294967173) . <9> NULL 

<1853> hash = (96) ' . . t if) . 8 . A- 8e ' =0x0319a269dblc380bc08d38e9 



(0) 
<0> 
< 



<1855> willRespondToIRR = (0 
<1856> uuiesRequested = (429 
<1857> setup = (0) . <0> 
<1858> callProceeding = (0 
<1859> connect = (0) . <0 
<1860> alerting = (0) . < 
<1861> information = (0) . 
<1862> releaseComplete 
<1863> facility = (0) 
<1864> progress = (0) 
<1865> empty = (0) . <0> 
<1866> status = (0) . <0> 
<1867> statuslnquiry = (0) 
<1868> setupAcknowledge = 
<1869> notify = (0) . <0> 
INFO - New message (channel 1) s 
INFO - Message: 
0> <1436> Q931Message = (0) . 
1> . <1437> protocolDiscrimi 
1> . <1877> callReferenceVal 
2> . . <1878> twoBytes = (35 
1> . <1438> message = (42949 
2> . . <1439> alerting = (0) 
3> . . . <1440> userUser = ( 
4> . . . . <1441> protocolDi 
4> . . . . <1442> h323-UserI 



) . <0> BOOLEAN 

4967185) . <1829> SEQUENCE 

BOOLEAN 

) . <0> BOOLEAN 

> BOOLEAN 

0> BOOLEAN 

<0> BOOLEAN 
0) . <0> BOOLEAN 
0> BOOLEAN 
0> BOOLEAN 
BOOLEAN 

BOOLEAN 

<0> BOOLEAN 
(0) . <0> BOOLEAN 

BOOLEAN 
ent — > alerting: 



<6213> SEQUENCE [PRIVATE 1] 
nator = (8) . <45> INTEGER (0..255) 
ue = (4294966741) . <6201> CHOICE 
082) . <6187> INTEGER [EMPTY 2] (0.. 65535) 
66741) . <6148> CHOICE ... 

<6120> SET [EMPTY 1] ... 
0) . <5461> SEQUENCE [APPLICATION 126] 
scriminator = (5) . <45> INTEGER (0..255) 
nformation = (4294966741) . <5451> SEQUENCE 



5> <1443> h323-uu-pdu = (4294966741) . <5401> SEQUENCE ... 

6> <1444> h323-message-body = (4294966741) . <5359> CHOICE ... 

7> <1445> alerting = (0) . <5266> SEQUENCE ... 

8> <1446> protocolldentif ier = (6) { itu-t recommendation h 

OBJECT IDENTIFIER 

8> <1882> destinationlnfo = (0) . <4403> SEQUENCE ... 

9> <1883> vendor = (0) . <4186> SEQUENCE ... 

10> <1884> vendor = (0) . <4169> SEQUENCE ... 

11> <1885> t35CountryCode = (11) . <45> INTEGER (0..255) 

11> <1886> t35Extension = (11) . <45> INTEGER (0..255) 

11> <1887> manufacturerCode = (11) . <155> INTEGER 



10> <1888> productld 

c69636174696f6e . <4181> OCTET STRING (1. 
10> <1890> versionld 



= (16) 'Test application' 

.256) 

= (9) 'RADVision' 



<4181> OCTET STRING (1..256) 

9> <1892> terminal = (0) . <4204> SEQUENCE ... 

9> <1893> mc = (0) . <0> BOOLEAN 

9> <1894> undefinedNode = (0) . <0> BOOLEAN 

8> <1879> callldentifier = (4294966741) . <3568> SEQUENCE .. 

9> <1880> guid = (16) ' . . A. w. . . 2 . V4444I ' 

20d5634343434ef . <3625> OCTET STRING (16.. 16) 

8> <1896> cryptoTokens = (4294966741) . <752> SET OF CHOICE 

9> <1897> * = (4294966741) . <3421> CHOICE ... 

10> <1898> nestedcryptoToken = (4294966741) 



<384> CHOICE 

11> <1899> cryptoHashedToken = (4294966741) . <339> 

(7) { itu-t recommendation h 235 
= (4294966741) . <556> SEQUENCE 



14:49:00 TPKTCHAN 
SEQUENCE 

14:49:00 TPKTCHAN : 12> <1900> tokenOID = 

2 1}. <171> OBJECT IDENTIFIER 

14:49:00 TPKTCHAN : 12> <1902> hashedVals 



ETSI 



26 



ETSI TS 101 888 V4.2.1 (2003-12) 



14:4 

235 

14:4 

(1. ■ 

14:4 

14:4 

.G.a 

<725 

14:4 

' .0. 

= 0x0 

0310 

14:4 

14:4 

h 23 

14:4 



9:00 TPKTCHAN : 13> 

2 5}. <171> OBJECT IDENTIFIER 
9:00 TPKTCHAN : 13> 

-1) 



00 TPKTCHAN 
00 TPKTCHAN 
.e.k.e.e.p.e. 
BMPString (1. 
00 TPKTCHAN 
0.0.0.0.2.0.C 



: 13> 

: 13> 

:' =0x005300690065006d0065006e00 

.128) 

: 13> 

.6.6.0.7.3.3.0.4.9.9.8.5.9.3.1.1 



03000300030003000300030003200300030003600360030 
03700320030003300300034003900390038003500390033 

9:00 TPKTCHAN : 12> <1 

9:00 TPKTCHAN : 13> 

5 2 6}. <171> OBJECT IDENTIFIER 

9:00 TPKTCHAN : 13> 



<1903> tokenOID = (7) { itu-t recommendation h 

<1914> timeStamp = (1023194940) . <738> INTEGER 

<1913> random = (43) . <735> INTEGER 
<1905> generallD = (36) ' .S .i .e.m.e.n. s . 

730020004700610074006500 6b00650065007000650072 . 

<1908> sendersID = (84) 
.7.2.0.3.0.4.9.9.8.5.9.3.1.1.6.5.8' 

003700330033003000340039003 90 03800350039003300310 
00310031003600350038 . <725> BMPString (1..128) 
915> token = (4294966741) . <532> SEQUENCE 
<1916> algorithmOID = (7) { itu-t recommendation 



<1918> paramS = (4294966741) . <507> SEQUENCE 



14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
=0x8bl7cbb57906000 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
CHOICE . . . 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
ENUMERATED . . . 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 
14:49:00 TPKTCHAN 



: 14> . . 
: 13> . . 
OOOffOOff 



8> 
8> 
8> 

9> 

8> 



<1919> null = (0) . <9> NULL 

<1920> hash = (96) ' < . Euy . . . . y . y ' 

<243> BIT STRING 

<1448> multipleCalls = (0) . <0> BOOLEAN 

<1449> maintainConnection = (0) . <0> BOOLEAN 

<1450> presentationlndicator = (4294966741) . <4784> 



. <1451> presentationAllowed = (0) . <9> NULL 
<1452> screeninglndicator = (4294966741) . <4765> 



9> . 
6> . 
INFO 

00000 
00016 
00032 
00048 
00064 
00080 
00096 
00112 
00128 
00144 
00160 
00176 
00192 
00208 
00224 
00240 
00256 



. . . <1453> userProvidedVerif iedAndFailed 
<1895> h245Tunneling = (0) . <0> BOOLEAN 



(0) 



Binary 
08 02 J 
00 04 
70 6c 
69 6f 
10 32 
81 6b 
3c f c 
65 00 
6b 00 
30 00 

30 00 

34 00 

31 00 

39 00 

35 00 
a7 80 

40 10 



89 0a 
22 cO 
69 63 
6e 01 
Od 56 
00 02 
b7 3b 
6e 00 
65 00 
30 00 

36 00 
39 00 

37 00 

38 00 
38 07 
3d 92 
80 01 



01 7e 
0b 0b 
61 74 
b2 d8 

34 34 
01 c5 
01 2b 
73 00 
65 00 
30 00 
36 00 
39 00 
32 00 

35 00 
00 08 
Id 43 
00 



00 fd 05 

00 0b Of 

69 6f 6e 
00 11 00 
34 34 ef 
00 07 00 
22 00 53 
20 00 47 

70 00 65 
30 00 30 
30 00 37 

38 00 35 
30 00 33 

39 00 33 
81 6b 00 
ca 8b aO 



23 80 

54 65 

08 52 

02 17 

8 ae 

08 81 

00 69 

00 61 

00 72 

00 30 

00 33 

00 39 

00 30 

00 31 
02 06 

01 00 



06 00 

73 74 

41 44 

c3 03 

01 74 
6b 
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6.6 Private key of Gatekeeper 



imported private key info: 
privatekeyinf o->version : 00 
privatekeyinfo->privateKeyAlgorithm: 
. algid->parameters : 0500 ( NULL ) 



1 2 840 113549 111 



privatekeyinf o->privateKey : 

3082025c02010002818100c6c23d31fb87b7f340325ca2a4dlflfca43cl364ac 
f870cfd3aflle371a9b5500d7 9ae3c0 96663callbcl2750bd8ab2d694b73dld7 
fleaf338de4dbc4eb0all2bd4e9bbcfc8413 85a3a23 8a4f8 90c8clba3dfec5 6 
92753cdcf0c3aca997c7ba842e21bbf35b5d0 688be4 6e6a9aad47d2ade7fcfdb 
2aa55db2 917 98704 6bd01b02030 1000 102 81 80 10c7c35cddec8 6663e0c42 6fe4 
d4 68c6b8a2edcc3 9223c7bff5 62f7f715 02fa3938fab5blc3c0dbeb8a2 953 85 6 
8 8b3 630119c2ac7bbbcbe73eecddc941277e61ad8 841e990371cdcld03 96412 6 
afb3 623ec66d9d00b9c21a7 6ad2 818a2e6031c2a37dd83 0e5ell54 61454 0f5e 
95d04a7 83 03 94 0c62403 9b241flebb74 9e0101024100e8e0e614 8clb61f824f6 
3 85ffe9597d8771b2273eccfb75cel34d224 83cff2c974d9277ec543fb32c2 92 
d3 0e5 0223a8blcdclca3dda72a027d0218a55cddl69b024100da7eld3 6b4f256 
417b8aledd5 65142bc2 60d8ea0 9aad4 8 05 875bcl94e2be0d4a221ae3 9519d2al 
05a4b0b28d51d83bea89832d39403ddc47be392456240b04810241008164a4b2 
7 9fea4fab99ecd4 8192e8 94 64f37 9677 0ef7 83 0c6a5d6cfdb8f7 8cl0ff8 9c0f6 
212 95aa3a3 94ed0c2 0de43e513ce0163d33e94 8af9667 6c73ac7e54d02403be6 
5d3df547 8 6cc37 013bcaf4721cb8 963alb42fe84c8fcf30 9fdbd42 9855ee60 01 
3d2 95 04 605 6dl5a477 9ef4b432 60ef4 82e2ac6e8eeae20816bebcdbfd3810240 
3 84347dec74fc01d43ef3103 0ce851b2ae4e25 6f02f5bf68f0e6b6d5024bc2b7 
b9dlaa281d0b3a411a8eac0 659425blc3a377cll01ac2f5619facf0a8 61edd4b 



privatekeyinf o->attributes : 
. attributes->attributes [0] 



attribute not null 
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6.7 Certificate of Gatekeeper 

cert->tbs : 

cert_tbs->version: 02 

cert_tbs->issuer : /cn=IPL Certification Authority RSA/c=de/o=Siemens AG/ou=ZT IK 
3/l=Munich/sp=Bavaria 

cert_tbs->issuerUI : pointer was NULL 

cert_tbs->serialNumber : 52 

cert_tbs->signature : 

. algid->algorithm: 1 2 840 113549 115 

. algid->parameters : 0500 ( NULL ) 

cert_tbs->sub ject : /cn=gatekeeper H3232GK/ou=IC 3/o=Siemens AG/l=Munich/c=DE 

cert_tbs->sub jectPKI : 

spki->sub jectAI : 

. algid->algorithm: 1 2 840 113549 111 

. algid->parameters : 0500 ( NULL ) 

spki->subjectPK: 

30 818 902818100c6c23d31fb87b7f340325ca2a4dlflfca43cl3 64acf870cfd3 
aflle371a9b5500d7 9ae3c0 96663callbcl2750bd8ab2d694b73dld7fleaf33 8 
de4dbc4eb0all2bd4e9bbcfc8413 85a3a23 8a4f8 90c8clba3dfec5 692753cdc 
f0c3aca997c7ba842e21bbf35b5d0 68 8be4 6e6a9aad4 7d2ade7fcfdb2aa55db2 
917 98704 6bd01b02030 10001 

cert_tbs->sub jectUI : pointer was NULL 

cert_tbs-> validity: 

notBefore: 21.03.2002 10:23:00 

notAfter: 10.03.2004 10:22:59 
cert_tbs->extensions : 

extensions->extensions [ ] : 

. extension describer: no extension describer available 

. extension->extnID: 2 16 840 1 113730 1 1 

. extension->critical : 

. extension->extnValue: 03020040 

extensions->extensions [ 1 ] : 

. extension describer: 

. . sub jectKeyldentif ier 

. extension->extnID: 2 5 29 14 

. extension->critical : 

. extension->extnValue: 04143bla3dccfb2 6f cc25ef cl23 97 9b6abdba64 810f 7 

extensions->extensions [ 2 ] : 

. extension describer: 

. . authorityKeyldentif ier 

. extension->extnID : 2 5 29 35 

. extension->critical : 

. extension->extnValue: 301680140 67 8 875c340e65 82 67 674f 24f 4 9331a9134f 5 8b4 
cert->signature : 
signature->signAI : 

. algid->algorithm: 1 2 840 113549 115 
. algid->parameters : 0500 ( NULL ) 

signature->signBS 

. 96afdclf2 8 8b0d75f8d9e5 933 6a73242 818eb2741651547d2bb7b8a0c27 91b8 6 
. 913c923fa2ef02d2eefaf5666da68e3d9040e676ff25d89blc6718163d39494f 
. d845 997f7cee631813048bf8284e516613df0 6bbbl487f216bl6faff4d33b2f3 
. 4df8277 8df57 0bclae92 9af72c4c3c0 975 82al05dd0a4 61ff3b2 6f31e2f41b27 

6.8 Private key of endpoint 

privatekeyinf o->version : 
privatekeyinf o->privateKeyAlgorithm: 

. algid->algorithm: 1 2 840 113549 111 

. algid->parameters : 0500 ( NULL ) 

privatekeyinf o->privateKey : 

3 82 025d02010002818100d7 94 6eb4 930a563fddll67ed321e9b4aa8bl45150d 
C99cb7f953d22el821954el8c5d8f8c6153720 6d34fb65cc345 0fe2d3 938fd4a 
d084dbb2314e9bec8c90 6df5 8 9f5d404d40eea311f3 9ald6447d9a8 87d423edl 
C92428 99e3d71fl9f4bel95 83421410 636fl8dlb3c9b3744 6ale415 693d40ae 
09cd87ceeab5cl8ea7f793020103028181008fb849cdb75c397fe8b64548ccl4 
67 871b20d8b8b3dbbdcffb8d36c9656bb8debb2e90a5d9637al5 9e235243dd78 
35fec8d0d0a8dc8b033d217 634 67f30 8 604 814e6b002d03 64fl2ca88f3b8 6cf0 
378bb7e22a5cef9eb315457dal6d470 653c5a57 904db2 8 615744 68fbb52cc2 85 
bb9b610b4de425 69fl724c8al9a7a2042afb024100f411e4 623a0c5fe51330 8f 
bbf8ac9010371dd4ef8ee7ef6c20 8 8d05235 8 69ff34d0a73d6d52cd424dlc227 
2f9fa74d0c7b7a3b3 953c0c4719cfea93b424b4al5024100e21e0 96d927 63 8 68 
ee213c513a2f9a3 8bd8c2dc3db732 81c911e94a8f9e4a07d92f42 621747 81a81 
ac0 0e444 80fa37cbc35e0d31222aleeabflce60ad95 66d07024100a2b698417c 
083fee0ccb0a7d5 0730ab57al3e34a5f454a4 815b0 8ael7 904 6aa2335c4d3 9e3 
7338188bd6c4ca6a6f88b2fcfc277b8d2b2dall35470d22c32316302410096be 
b0f3b6f97af0 9ec0d2e0dl75117b2 9081e82 924cc5 68 60bf0dc5fbedc053b74d 
6ec0f85 011abc800 982dab517a87d7 940 8cb6clcl4 9c7f68 995c90e44 8af0241 
00b6f200831f7 9417dla91c7252a5f587dc9cfl57ae80b521f7db7f34af9cel7 
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. 33 69d6c0aadfcee8c44 6fface88 937442dec35fa8 9182cc2 927ea0a519cd87a2 
. 86 

privatekeyinf o->attributes : 

. attributes->attributes [0] : attribute not null 



6.9 Certificate of endpoint 



cert->tbs : 

cert_tbs->version : 02 

cert_tbs->issuer : /cn=IPL Certification Authority RSA/c=de/o=Siemens AG/ou=ZT IK 
3/l=Munich/sp=Bavaria 

cert_tbs->issuerUI : pointer was NULL 
cert_tbs->serialNumber : 50 

cert_tbs->signature : 

. algid->algorithm: 1 2 840 113549 115 

. algid->parameters : 0500 ( NULL ) 

cert_tbs->subject : /cn=Clientl H323/ou=IC3/o=Siemens AG/l=Munich/c=DE 

cert_tbs->sub jectPKI : 
spki->sub jectAI : 

. algid->algorithm: 1 2 840 113549 111 
. algid->parameters : 0500 ( NULL ) 

spki->subjectPK: 

30818702818100d7946eb4930a563fddll67ed321e9b4aa8bl45150dc99cb7f9 
53d22el821954el8c5d8f8c6153720 6d34fb65cc345 0fe2d3938fd4ad084dbb2 
314e9bec8c90 6df5 8 9f5d4 04d4 0eea311f3 9ald6447d9a8 87d423edlc9242 8 99 
e3d71fl9f4bel95 83421410 63 6fl8dlb3c9b3744 6ale4150 693d4 0ae0 9cd87ce 
eab5cl8ea7f7 93020 103 

cert_tbs->sub jectUI : pointer was NULL 

cert_tbs-> validity: 

notBefore: 21.03.2002 10:00:17 

notAfter: . 10.03.2004 10:00:16 
cert_tbs->extensions : 

extensions->extensions [ ] : 

. extension describer: no extension describer available 

. extension->extnID: 2 16 840 1 113730 1 1 

. extension->critical : 

. extension->extnValue: 03020080 

extensions->extensions [ 1 ] : 

. extension describer: 

. . sub jectKeyldentif ier 

. extension->extnID: 2 5 29 14 

. extension->critical : 

. extension->extnValue: 0414570a9d020b22blacf 3244 6dc3 669b8 0f e211d7 6 

extensions->extensions [ 2 ] : 

. extension describer: 

. . authorityKeyldentif ier 

. extension->extnID : 2 5 29 35 

. extension->critical : 

. extension->extnValue: 30168014 67 8 875c340e65 82 67 674f 24f 4 9331a9134f 5 8b4 
cert->signature : 
signature->signAI : 

. algid->algorithm: 1 2 840 113549 115 
. algid->parameters : 0500 ( NULL ) 
signature->signBS 

. If53 87a3bd3 6a2f5 98 0c6c8455 0c4 666c61fd4da0d9545 0247 8b2a71a60 1692 
. 9e8b51f669fe75 67bdd3fd0f219380fad7f2e607 6c8 9b2375 9671625a52balld 
. 2 8 84 62a3df5 8272f0a94ffc5771a23 8dec6e77b81f0 92 85 97bf55dl3acalf3 97 
. f4b4fl513b5d2cb5d0b4 83 6994eb5a3 6c77c951fb2b4f22aa24f8 6c3cl9c6e 

6.10 Test Configurations 
6.10.1 Gatekeeper and Terminal 

Clauses 6.2, 6.3, 6.4 and 6.5 correlate to a test configuration of a Terminal and a Gatekeeper. 



6.1 0.2 Gatekeeper and Gateway 



Annex F of H.235 [2] does not cover this configuration. It is recommended to deploy annex D of H.235 [2] for that 
scenario, see clause 5.6.2. 
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6.1 0.3 Gatekeeper and Gatekeeper 



The Gatekeeper-to-Gatekeeper communications according to Annex F H.235 [2] is very similar to the terminal 
Gatekeeper communication, with the exception that different private/public keys, certificates are used and that the call 
signalling messages are being digitally signed. 



7 Global Service Providers 

For further study. 
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